04WebServer Multiple Vulnerabilities (XSS, DoS, more)

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is susceptible to several forms of attack.

Description :

The remote host is running a version of 04WebServer which is older
than version 1.5. Such versions are affected by multiple
vulnerabilities :

- A cross-site scripting vulnerability in the
Response_default.html script that could allow an attacker
to execute arbitrary script code in the user's browser.

- A log file content injection vulnerability that could
allow an attacker to insert false entries into the log
file.

- A DoS vulnerability triggered when an attacker specifies a
DOS device name in the request URL.

See also :

http://archives.neohapsis.com/archives/bugtraq/2004-11/0135.html
http://archives.neohapsis.com/archives/bugtraq/2004-11/0191.html
http://attrition.org/pipermail/vim/2006-August/000978.html
http://www.security.org.sg/vuln/04webserver142.html

Solution :

Upgrade to version 1.5 of this software.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 15713 (04webserver.nasl)

Bugtraq ID: 11652

CVE ID: CVE-2004-1512, CVE-2004-1513, CVE-2004-1514