Detections
Analytics

OSSIM download.php Directory Traversal

medium Nessus Plugin ID 45082

Language:

Synopsis

An application hosted on the remote web server has a directory traversal vulnerability.

Description

The version of OSSIM hosted on the remote host has a directory traversal vulnerability. Input to the 'file' parameter of the 'ossim/repository/download.php' script is not properly sanitized.

A remote attacker could exploit this to download arbitrary files, subject to the privileges under which the web server operates.

This version of OSSIM likely has other vulnerabilities in its web interface, though Nessus has not checked for them.

Solution

Upgrade to OSSIM 2.2.1 or later.

See Also

http://www.nessus.org/u?4bd9f4c5

https://www.alienvault.com/docs/2.2.1_release_notes.txt

Plugin Details

Severity: Medium

ID: 45082

File Name: ossim_web_download_dir_traversal.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 3/17/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/PHP, www/ossim

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/16/2010

Vulnerability Publication Date: 3/16/2010

Reference Information

BID: 38780

Secunia: 38969