Apache Archiva 1.2.x <= 1.2.2 / 1.3.x <= 1.3.6 Multiple Vulnerabilities

high Nessus Plugin ID 73761

Synopsis

The remote web server hosts an application that is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Apache Archiva hosted on the remote web server is 1.2.x prior than or equal to 1.2.2 or 1.3.x prior than or equal to 1.3.6 and thus is affected by the following vulnerabilities :

- An input validation error exists related to unspecified scripts and unspecified parameters that could allow cross-site scripting attacks.
(CVE-2013-2187)

- Input validation errors exist related to the bundled version of Apache Struts that could allow arbitrary Object-Graph Navigation Language (OGNL) expression execution via specially crafted requests.
(CVE-2013-2251)

Solution

Upgrade to Apache Archiva 1.3.8 / 2.0.1 or later.

See Also

http://archiva.apache.org/security.html

http://commons.apache.org/proper/commons-ognl/

Plugin Details

Severity: High

ID: 73761

File Name: archiva_1_3_8.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 4/29/2014

Updated: 4/25/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2251

Vulnerability Information

CPE: cpe:/a:apache:archiva

Required KB Items: www/archiva

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/18/2014

Vulnerability Publication Date: 7/16/2013

CISA Known Exploited Vulnerability Due Dates: 4/15/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution)

Elliot (Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux)

Reference Information

CVE: CVE-2013-2187, CVE-2013-2251

BID: 61189, 66991, 66998

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990