OpenCms < 6.2.2 Multiple Vulnerabilities

medium Nessus Plugin ID 22093

Synopsis

The remote web server contains a Java application that is affected by multiple vulnerabilities.

Description

The remote host is running OpenCms, a Java-based content management system.

According to its banner, the version of OpenCms installed on the remote host reportedly allows authenticated users to upload OpenCms modules and database import/export files, download arbitrary files, send messages to all users, and launch cross-site scripting attacks.

Solution

Upgrade to OpenCms version 6.2.2 or later.

See Also

http://mail.opencms.org/pipermail/opencms-dev/2006q3/025016.html

https://seclists.org/fulldisclosure/2006/Jul/615

Plugin Details

Severity: Medium

ID: 22093

File Name: opencms_622.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 7/27/2006

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/21/2006

Reference Information

CVE: CVE-2006-3933, CVE-2006-3934, CVE-2006-3935, CVE-2006-3936

BID: 19174

CWE: 22