Bitrix bitrix.xscan Module < 1.0.4 bitrix.xscan_worker.php 'file' Parameter Path Traversal File Disclosure

medium Nessus Plugin ID 99932

Synopsis

A PHP application running on the remote web server contains a module that is affected by a path traversal vulnerability.

Description

The version of the Bitrix bitrix.xscan module running on the remote web server is prior to 1.0.4. It is, therefore, affected by a path traversal vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter passed to the /bitrix/admin/bitrix.xscan_worker.php script. An authenticated, remote attacker can exploit this, via a specially crafted HTTP GET request, to rename arbitrary files and read the content of arbitrary files on the host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported module version number.
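Because the plugin only compares version numbers, web server logs are the place to check whether the worker script has actually been requested with traversal input. The following is an added example, not part of the plugin or of Bitrix; it assumes combined-format access logs and that traversal shows up as '..' path segments in the 'file' parameter (the page does not describe the request format), and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

WORKER_PATH = "/bitrix/admin/bitrix.xscan_worker.php"  # script named in the description
# Combined-log-format request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is '..' (assumed indicator)."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return (line_no, decoded file value) for worker requests with traversal in 'file'."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if fully_decode(url.path).lower() != WORKER_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if has_traversal(value):
                hits.append((line_no, fully_decode(value)))
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - admin [02/May/2017:10:00:01 +0000] "GET /bitrix/admin/bitrix.xscan_worker.php?file=/upload/a.php HTTP/1.1" 200 512',
    '203.0.113.7 - admin [02/May/2017:10:00:09 +0000] "GET /bitrix/admin/bitrix.xscan_worker.php?file=..%2F..%2Fexample.txt HTTP/1.1" 200 2048',
    '203.0.113.7 - admin [02/May/2017:10:00:15 +0000] "GET /bitrix/admin/bitrix.xscan_worker.php?file=%252e%252e%255cexample.txt HTTP/1.1" 200 2048',
    '198.51.100.4 - - [02/May/2017:10:01:00 +0000] "GET /index.php?file=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: file={value}")
```

Hits on a host still running a module version prior to 1.0.4 warrant reviewing which files were requested and whether any were renamed.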

Solution

Upgrade to Bitrix bitrix.xscan module version 1.0.4 or later.

See Also

https://www.htbridge.com/advisory/HTB23278

Plugin Details

Severity: Medium

ID: 99932

File Name: bitrix_xscan_1_0_4_module.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 5/2/2017

Updated: 6/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: x-cpe:/a:bitrix:bitrix, cpe:/a:bitrix:xscan

Required KB Items: www/PHP, installed_sw/Bitrix

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/24/2015

Vulnerability Publication Date: 11/18/2015

Reference Information

CVE: CVE-2015-8357

BID: 79776

IAVA: 2017-A-0129