Rule: -- Sid: 2246 -- Summary: This event is generated when an attempt is made to access Webadmin from a source external to the protected network. -- Impact: Information disclosure. -- Detailed Information: WebAdmin is a web application that allows remote administration of MDaemon and RelayFax. A vulnerability exists such that the URI used by WebAdmin discloses the installation location of MDaemon and RelayFax. A URI can also be crafted by an attacker that would allow the reading of any file on the system. This information might then be used in further attacks against the host. -- Affected Systems: WebAdmin prior to 2.0.3 -- Attack Scenarios: The attacker needs to login to the server as an administrator then use WebAdmin. -- Ease of Attack: Simple. No exploit software required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Upgrade to the latest non-affected version of the software. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: Bugtraq archive: http://www.securityfocus.com/archive/1/319735 --