CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities

critical Nessus Plugin ID 73611

Synopsis

The remote web server contains a ColdFusion-based application that is affected by multiple vulnerabilities.

Description

According to its version number, the CommonSpot install hosted on the remote web server is affected by multiple vulnerabilities :

- An access restriction bypass via a direct request.
(CVE-2014-2859)

- Multiple cross-site scripting (XSS) vulnerabilities.
(CVE-2014-2860, CVE-2014-2861)

- Improper authorization checks in unspecified requests can allow a remote, unauthenticated attacker to perform unauthorized actions. (CVE-2014-2862)

- Multiple path traversal vulnerabilities allow remote, unauthenticated attackers to request full pathnames in parameters. (CVE-2014-2863)

- Multiple directory traversal vulnerabilities.
(CVE-2014-2864)

- The application fails to restrict the use of a NULL byte, which can be used to bypass access restrictions.
(CVE-2014-2865)

- The application uses client JavaScript code for access restrictions, which can be bypassed with attacker- controlled JavaScript. (CVE-2014-2866)

- Unrestricted file uploads could allow for dangerous file types to be added to the server. (CVE-2014-2867)

- Multiple pages allow a remote attacker to override ColdFusion variables via HTTP GET requests.
(CVE-2014-2868)

- Multiple pages allow for information disclosure.
(CVE-2014-2869)

- The application stores credentials in plaintext in the underlying application database by default.
(CVE-2014-2870)

- The application transmits credentials in cleartext via HTTP. (CVE-2014-2871)

- Multiple directory listings allow for potential access to sensitive information. (CVE-2014-2872)

- The application allows unauthenticated access to log files allowing for information disclosure.
(CVE-2014-2873)

- The application allows remote, unauthenticated attackers to execute arbitrary commands with arbitrary parameters.
(CVE-2014-2874)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to CommonSpot version 7.0.2 / 8.0.3 / 9.0.0 or later.

See Also

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2859.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2860.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2861.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2862.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2863.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2864.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2865.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2866.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2867.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2868.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2869.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2870.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2871.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2872.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2873.html

https://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2874.html

https://www.paperthin.com/support/tech-specs.cfm

Plugin Details

Severity: Critical

ID: 73611

File Name: commonspot_7_0_2.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 4/18/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:paperthin:commonspot_content_server

Required KB Items: www/commonspot

Exploit Ease: No known exploits are available

Patch Publication Date: 4/11/2014

Vulnerability Publication Date: 4/14/2014

Reference Information

CVE: CVE-2014-2859, CVE-2014-2860, CVE-2014-2861, CVE-2014-2862, CVE-2014-2863, CVE-2014-2864, CVE-2014-2865, CVE-2014-2866, CVE-2014-2867, CVE-2014-2868, CVE-2014-2869, CVE-2014-2870, CVE-2014-2871, CVE-2014-2872, CVE-2014-2873, CVE-2014-2874

BID: 66813

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

CERT: 437385