nessusThis script is Copyright (C) 2000-2018 and is owned by Tenable, Inc. or an Affiliate thereof.CERN_HTTPD_PATH.NASL
HistoryJan 20, 2000 - 12:00 a.m.

CERN httpd Virtual Web Path Disclosure

2000-01-2000:00:00
This script is Copyright (C) 2000-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.007

Percentile

80.8%

The remote host appears to be running CERN httpd. The physical (filesystem) location of a virtual web directory could be obtained by issuing the request:

GET /cgi-bin/ls HTTP/1.0

A remote attacker could use this information to mount further attacks.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");


# Plugin registration: when the script is run with 'description' set, it
# only declares its metadata (IDs, text, scoring, scheduling constraints)
# and exits without touching the target.
if(description)
{
 # Plugin identity and the advisories it maps to.
 script_id(10037);
 script_version ("1.33");
 script_cve_id("CVE-2000-0079");
 script_bugtraq_id(936);

 script_name(english:"CERN httpd Virtual Web Path Disclosure");
 script_summary(english:"Attempts to find the location of the remote web root");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote web server has an information disclosure vulnerability."
 );
 script_set_attribute(attribute:"description", value:
"The remote host appears to be running CERN httpd.  It was possible to
get the physical location of a virtual web directory by issuing the
request :

  GET /cgi-bin/ls HTTP/1.0

A remote attacker could use this information to mount further attacks." );
 # Archived Bugtraq post, kept next to the shortened see_also link below
 # (presumably the page that link resolves to -- confirm):
 # https://web.archive.org/web/20010216230448/http://archives.neohapsis.com/archives/bugtraq/2000-01/0222.html
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?76c8a7f2"
 );
 script_set_attribute( attribute:"solution", value:
"CERN httpd is no longer maintained.  Switch to using an actively
supported web server."  );
  # Base vector scores a confidentiality-only impact (C:P/I:N/A:N), which
  # matches the path disclosure this plugin actually tests for.
  # NOTE(review): listings of CVE-2000-0079 may show a broader vector
  # (AV:N/AC:L/Au:N/C:P/I:P/A:P); reconcile the two before using either
  # score for triage.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # Temporal metrics: functional exploit (E:F), official fix (RL:OF),
  # confirmed report (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2000/01/20");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/01/18");
 script_cvs_date("Date: 2018/07/02 18:48:55");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Information-gathering category: the check only issues a GET request.
 script_category(ACT_GATHER_INFO);
 script_family(english:"Web Servers");
 script_copyright(english:"This script is Copyright (C) 2000-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 # Scheduling constraints: run after service/HTTP fingerprinting, only
 # against web ports, not when CGI scanning is disabled, and only when the
 # "www/cern" knowledge-base key is present (presumably set by one of the
 # dependencies when the banner identifies CERN httpd -- confirm).
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/cern");
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

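# Detection logic: request "<cgi dir>/ls" from every configured CGI
# directory and report the port as soon as one response contains the
# marker text that accompanies the disclosed path.
port = get_http_port(default:80);

foreach dir (cgi_dirs())
{
  url = string(dir, "/ls");
  r = http_send_recv3(method:"GET", item:url, port:port);

  # No usable response: stop without reporting anything.
  if (isnull(r)) exit(0);

  # http_send_recv3() returns a list (status line, headers, body).
  # Rebuild the raw response explicitly instead of relying on how
  # tolower() treats a list, then lowercase it so the match below is
  # case-insensitive.
  res = tolower(strcat(r[0], r[1], '\r\n', r[2]));

  # The marker is a loose substring, presumably taken from the server's
  # error text that echoes the physical path (verify against the
  # advisory).  A hit means the response looks like the disclosure; the
  # "www/cern" key required at registration is what ties the finding to
  # CERN httpd.
  if (" neither '/" >< res)
  {
    security_warning(port);
    exit(0);
  }
}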
