|Title:||Cognos Powerplay WE Vulnerability|
|Summary:||Checks for the ppdscgi.exe CGI|
The CGI script ppdscgi.exe, part of the PowerPlay
Web Edition package, is installed.
Due to design problems as well as some
potential web server misconfiguration
PowerPlay Web Edition may serve up data
cubes in a non-secure manner. Execution
of the PowerPlay CGI pulls cube data into
files in an unprotected temporary directory.
Those files are then fed back to frames in
the browser. In some cases it is trivial for an
unauthenticated user to tap into those data
files before they are purged.
Solution : Cognos doesn't consider this
problem as being an issue, so they
do not provide any solution.
Risk factor : Medium
BugTraq ID: 491|
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.