HP SiteScope getFileInternal Arbitrary File Download

High severity, Nessus Plugin ID 62099

Synopsis

A web application on the remote host has an arbitrary file download vulnerability.

Description

The version of HP SiteScope hosted on the remote web server has an arbitrary file download vulnerability. The application hosts a web service that allows the getFileInternal() method to be invoked without authentication. A remote, unauthenticated attacker could exploit this to download arbitrary files.

This software has other unpatched vulnerabilities, though Nessus has not checked for those issues.

Solution

For versions 11.10, 11.11, and 11.12, upgrade to SiteScope 11.13. After upgrading, disable the vulnerable API by adding '_disableOldAPIs=true' to the master.config file.

For version 11.20, contact HP Software Support Online for patches.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-176/

http://www.nessus.org/u?c5e3c8e4

Plugin Details

Severity: High

ID: 62099

File Name: hp_sitescope_getfileinternal.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 9/14/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hp:mercury_sitescope

Required KB Items: www/sitescope

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/19/2012

Vulnerability Publication Date: 8/29/2012

Exploitable With

Metasploit (HP SiteScope Remote Code Execution)

Elliot (HP SiteScope 11.20 File Upload)

Reference Information

BID: 55269