Computer Associates ARCserve D2D homepageServlet Servlet Information Disclosure

critical Nessus Plugin ID 55720

Synopsis

The remote web server hosts a Java servlet that is affected by an information disclosure vulnerability.

Description

The installed version of ARCserve D2D, a disk-based backup product from Computer Associates, allows an unauthenticated, remote attacker to discover the username and password used by the affected application. This can be accomplished by sending the 'homepageServlet' servlet a specially crafted POST request that contains the getLocalHost message as well as the name of the Google Web Toolkit Remote Procedure Call (GWT RPC) descriptor.

Note that these are credentials for the Windows user with Administrator privileges supplied during the ARCserve install process.

Note also that an attacker can reportedly use these credentials to gain access to the application and run arbitrary commands with the associated privileges on the affected host, for example by configuring a command to run before a backup is started and then starting a backup.

Solution

Apply the RO33517 fix.

See Also

http://www.nessus.org/u?13ae8740

https://www.securityfocus.com/archive/1/518983/30/0/threaded

https://www.securityfocus.com/archive/1/519002/30/0/threaded

http://www.nessus.org/u?b67c794a

Plugin Details

Severity: Critical

ID: 55720

File Name: arcserve_d2d_homepageservlet_info.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 7/28/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: www/arcserve_d2d

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 8/4/2011

Vulnerability Publication Date: 7/26/2011

Exploitable With

CANVAS (White_Phosphorus)

Metasploit (CA Arcserve D2D GWT RPC Credential Information Disclosure)

Elliot (CA ARCserve D2D r15 Credentials Disclosure)

Reference Information

CVE: CVE-2011-3011

BID: 48897