HTTP: Mountain-net WebCart Order Disclosure
This signature detects attempts to exploit a known vulnerability in Mountain Network Systems Webcart software. Attackers can remotely execute arbitrary commands on the server.
Extended Description
WebCart is a web commerce product provided by Mountain Network Systems, Inc. Certain poorly configured default installations leave customer order information in remotely accessible text files, including credit card details and other sensitive information. These files include orders/checks.txt, config/import.txt, config/mountain.cfg, and possibly others. Exact version information has not been determined; this default configuration issue may have been resolved in more recent versions. Regardless, it should be noted that this is not a vulnerability in the strictest sense but rather a poor configuration issue.
Affected Products
Mountain_network_systems_inc. webcart
Short Name
HTTP:PKG:MOUNTAIN-WEBCART-DISC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-1999-0610 Disclosure Mountain-net Order WebCart bid:2281
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mountain_network_systems_inc.
CVSS Score
5.0