WebConnect Multiple Remote Vulnerabilities (deprecated)

High Nessus Network Monitor Plugin ID 2639

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running OpenConnect WebConnect. WebConnect is a web-based graphical user interface that gives remote users console access to mainframe, midrange, and Unix systems. WebConnect can be used to launch a Java-based telnet console that communicates over the HTTP protocol. This version of WebConnect is vulnerable to several remote attacks. The impact of the attack ranges from Denial of Service (DoS) to data compromise. An attacker exploiting these flaws would only need to be able to send HTTP requests to the web server. Successful exploitation would result in compromise of data or loss of availability.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2639

Family: CGI

Published: 2005/02/22

Modified: 2016/09/08

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:C

Reference Information

CVE: CVE-2004-0466, CVE-2004-0465

BID: 12613