This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote host is running an application that is affected by multiple
The remote host is running a version of Cogent DataHub, formerly known
as Cascade DataHub and OFC DataHub, that is prior to 7.3.5. It is,
therefore, affected by the following vulnerabilities :
- A directory traversal vulnerability exists due to improper
validation of user-supplied input to the directory
specifier. A remote attacker can exploit this to access
hard-coded files. (CVE-2014-2352)
- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input. An attacker
can exploit this, via a specially crafted request, to
execute arbitrary script code in a user's browser
- An overflow condition exists in the web server due to
improper validation of user-supplied input when handling
a negative content-length field. A remote attacker can
exploit this to cause a heap-based buffer overflow,
resulting in a denial of service condition or the
execution of arbitrary code. (CVE-2014-3788)
- A command injection vulnerability exists in the
'GetPermissions.asp' active server page in the
EvalExpression method due to improper sanitization of
user-supplied input. A remote attacker can exploit this
to execute arbitrary commands in the context of the
DataHub process. (CVE-2014-3789)
- Multiple vulnerabilities exist related to the bundled
OpenSSL 1.0.0d library.
Upgrade to Cogent DataHub version 7.3.5 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Nessus Plugin ID: 76147
Bugtraq ID: 67485, 67486, 67770, 67772
CVE ID: CVE-2014-2352, CVE-2014-2353, CVE-2014-3788, CVE-2014-3789