|
|||
Rule General Information |
---|
Release Date: | 2017-04-11 | |
Rule Name: | Moxa Mxview Private Key Information Disclosure Vulnerability (CVE-2017-7455) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. | |
Impact: | A copy of MXview web servers private key is stored at C:\Users\TARGET-USER\AppData\Roaming\moxa\mxview\web\certs\mxview.key. An attacker can easily access the private key "mxview.key" file via an HTTP GET request, and do further illegal actions by using the private key. | |
Affected OS: | Other Unix, Linux | |
Reference: | ExploitDB:41850 http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html http://seclists.org/fulldisclosure/2017/Apr/49 |
|
Solutions |
---|
No information about possible solutions is published. Please use an alternative product to substitude the affected software. |