Google Urchin <= 5.7.03 report.cgi Administrative Bypass

Medium | Nessus Network Monitor Plugin ID 4242

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

The remote host is running the Google Urchin web application.
This version of Urchin is reported to be affected by a flaw that lets an attacker gain administrative access to the application. The 'report.cgi' script fails to adequately verify that the requesting user is authorized. An attacker exploiting this flaw would be able to perform some subset of administrative duties without authenticating.

Solution

Upgrade to a version of Urchin higher than 5.7.03.

See Also

http://www.roirevolution.com/urchin

Plugin Details

Severity: Medium

ID: 4242

Family: Generic

Published: 10/12/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6.2

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:roi_revolution:urchin

Reference Information

CVE: CVE-2007-5113

BID: 26037