This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host has software installed that is potentially affected by
The remote host has a version of Cogent DataHub, formerly known as
Cascade DataHub and OFC DataHub, installed that is prior to 7.3.5. It
is, therefore, potentially affected by the following vulnerabilities :
- A cross-site scripting flaw exists due to not
validating user input before returning it. This could
allow a remote attacker with a specially crafted
request to execute arbitrary script code.
- A directory traversal flaw exists due to user input not
being properly sanitized. This could allow a remote
attacker access to hard-coded files. (CVE-2014-2353)
- A heap-based buffer overflow flaw exists due to user-
supplied input not being properly validated when
handling negative content-length field. This could
allow a remote attacker to cause a denial of service or
arbitrary code execution. (CVE-2014-3788)
- A flaw exists with 'GetPermissions.asp' due to failing
to sanitize input from the active server page. This
could allow a remote attacker to execute arbitrary
- Multiple flaws related to the included OpenSSL 1.0.0d
See also :
Upgrade to Cogent DataHub 7.3.5 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Nessus Plugin ID: 76147 ()
Bugtraq ID: 67485674866777067772
CVE ID: CVE-2014-2352CVE-2014-2353CVE-2014-3788CVE-2014-3789
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.