Signature Detail

APP: SuperScout Web Reports Server User Database Access

This signature detects attempts to exploit a known vulnerability in the Webfilter for SuperScout Web Reports Server running on Microsoft Windows 2000 and NT. Attackers can use a simple GET request to obtain the user database (a txt file that contains user names and encrypted passwords) from the server.

Extended Description

SurfControl SuperScout WebFilter is web filtering software for Microsoft Windows operating systems. SurfControl SuperScout WebFilter includes a remotely accessible reporting service. It has been reported that SuperScout WebFilter insecurely stores some types of information. The reports server included as part of the SuperScout WebFilter package stores sensitive information in a publicly accessible, unrestricted directory. A remote user could gain access to user credentials.

Affected Products

• SurfControl SuperScout Web Filter for Windows NT/2000 3.0.0
• SurfControl SuperScout Web Filter for Windows NT/2000 3.0.3
• SurfControl Web Filter for Windows NT/2000 4.0.0
• SurfControl Web Filter for Windows NT/2000 4.1.0

References

• BugTraq: 5856
• CVE: CVE-2002-0705
• URL: http://www.securityfocus.com/bid/5856
• URL: http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt
• URL: http://www.iss.net/security_center/static/10248.php