HTTP: BigBrother Information Disclosure

This signature detects attempts to use BigBrother CGI scripts to gather information about your system. Attackers can locate files or valid user accounts.

Extended Description

Big Brother Network Monitor is a robust, feature-rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing. The problem occurs in the Common Gateway Interface (CGI) package included with Big Brother, which runs on the Big Brother Display Server. The CGI is responsible for statistical posting of network operations on the Big Brother Display Server, an interface that is accessible via web browser. Due to insufficient handling of input, it is possible to verify the existence of sensitive files and valid user accounts through the CGI of the Display Server. Yielding this information to a malicious user could result in a targeted brute-force password cracking attack. The following files are affected by this flaw: bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, bb-ack.sh.

Affected Products

Bb4 big_brother_network_monitor

References

BugTraq: 1971

CVE: CVE-2000-1177

Short Name: HTTP:BIGBROTHER:INFO-DISCLOSURE
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: BigBrother CVE-2000-1177 Disclosure Information bid:1971
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Bb4

CVSS Score

5.0
