04WebServer Multiple Vulnerabilities (XSS, DoS, more)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is susceptible to several forms of attack.

Description :

The remote host is running a version of 04WebServer which is older
than version 1.5. Such versions are affected by multiple
vulnerabilities :

- A cross-site scripting vulnerability in the
Response_default.html script which could allow an attacker
to execute arbitrary code in the user's browser.

- A log file content injection vulnerability which could
allow an attacker to insert false entries into the log

- A DoS vulnerability caused by an attacker specifying a
DOS device name in the request URL.

See also :


Solution :

Upgrade to version 1.5 of this software.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 15713 (04webserver.nasl)

Bugtraq ID: 11652

CVE ID: CVE-2004-1512