|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-04-11 | |
| Rule Name: | Moxa Mxview Private Key Information Disclosure Vulnerability (CVE-2017-7455) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |
| Impact: | A copy of MXview web servers private key is stored at C:\Users\TARGET-USER\AppData\Roaming\moxa\mxview\web\certs\mxview.key. An attacker can easily access the private key "mxview.key" file via an HTTP GET request, and do further illegal actions by using the private key. | |
| Affected OS: | Other Unix, Linux | |
| Reference: | ExploitDB:41850 http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html http://seclists.org/fulldisclosure/2017/Apr/49 |
|
| Solutions |
|---|
| No information about possible solutions is published. Please use an alternative product to substitude the affected software. |