Bonsai < 1.4 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 1584

Synopsis

The remote host has the CGI suite 'Bonsai' installed.

Description

The remote host has the CGI suite 'Bonsai' installed. This suite is used to navigate a CVS repository with a web browser. The remote Bonsai might be vulnerable to various flaws, including path disclosure, cross-site scripting and remote command execution.

Solution

Upgrade to the latest version of Bonsai.

Plugin Details

Severity: Critical

ID: 1584

File Name: 1584.prm

Family: CGI

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1442

Nessus ID: 11440

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2003-0152, CVE-2003-0153, CVE-2003-0154, CVE-2003-0155

BID: 5516, 5517