Detections
Analytics
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
medium Nessus Plugin ID 25994
Language:
Synopsis
The remote web server contains a CGI application that is affected by multiple issues.Description
The 'file.cgi' script included with the version of SecurityReporter installed on the remote host fails to sanitize input to the 'name' parameter before returning the contents of the specified file and supports bypassing authentication using specially crafted arguments. An unauthenticated, remote attacker can exploit these issues to retrieve the contents of arbitrary files on the remote host.In addition, 'file.cgi' allows an attacker to bypass authentication using a specially crafted 'name' parameter.
Note that SecurityReporter is also known as 'Network Security Analyzer' and is included in products from eIQnetworks, Top Layer Networks, Clavister, Astaro, Reflex Security, H3C, Piolink, and MiraPoint.
Solution
Upgrade to version 4.6.3 if necessary and then apply SecurityReporter v4.6.3 patch 1. Or contact the vendor for a patch.See Also
http://www.oliverkarow.de/research/securityreporter.txt
https://www.securityfocus.com/archive/1/474472/30/0/threaded
Plugin Details
Severity: Medium
ID: 25994
File Name: securityreporter_463p1.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 9/6/2007
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Exploited by Nessus: true
Reference Information
CVE: CVE-2007-3985, CVE-2007-3986
BID: 25027