04WebServer Multiple Vulnerabilities (XSS, DoS, more)

Medium Nessus Plugin ID 15713


The remote web server is susceptible to several forms of attack.


The remote host is running a version of 04WebServer which is older than version 1.5. Such versions are affected by multiple vulnerabilities :

- A cross-site scripting vulnerability in the Response_default.html script which could allow an attacker to execute arbitrary code in the user's browser.

- A log file content injection vulnerability which could allow an attacker to insert false entries into the log file.

- A DoS vulnerability caused by an attacker specifying a DOS device name in the request URL.


Upgrade to version 1.5 of this software.

See Also





Plugin Details

Severity: Medium

ID: 15713

File Name: 04webserver.nasl

Version: $Revision: 1.18 $

Type: remote

Family: Web Servers

Published: 2004/11/13

Modified: 2016/09/22

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/11/11

Reference Information

CVE: CVE-2004-1512, CVE-2004-1513, CVE-2004-1514

BID: 11652

OSVDB: 11606, 11607, 11608

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990