10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.91 High
EPSS
Percentile
98.9%
It is possible that the remote web server contains one or more dangerous CGI scripts.
Note that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities.
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
# Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>
#
# See the Nessus Scripts License for details
# Changes by Tenable:
# - Revised plugin title, moved CVE from header comment to CVE (4/9/2009)
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11748);
script_version("1.40");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/07");
script_cve_id(
"CVE-1999-0934",
"CVE-1999-0935",
"CVE-1999-0936",
"CVE-1999-0937",
"CVE-1999-1072",
"CVE-1999-1374",
"CVE-1999-1377",
"CVE-2000-0288",
"CVE-2000-0423",
"CVE-2000-0526",
"CVE-2000-0923",
"CVE-2000-0952",
"CVE-2000-0977",
"CVE-2000-1023",
"CVE-2000-1131",
"CVE-2000-1132",
"CVE-2001-0022",
"CVE-2001-0023",
"CVE-2001-0076",
"CVE-2001-0099",
"CVE-2001-0100",
"CVE-2001-0123",
"CVE-2001-0133",
"CVE-2001-0135",
"CVE-2001-0180",
"CVE-2001-0420",
"CVE-2001-0562",
"CVE-2001-1100",
"CVE-2001-1196",
"CVE-2001-1205",
"CVE-2001-1212",
"CVE-2001-1283",
"CVE-2001-1343",
"CVE-2002-0203",
"CVE-2002-0230",
"CVE-2002-0263",
"CVE-2002-0346",
"CVE-2002-0611",
"CVE-2002-0710",
"CVE-2002-0749",
"CVE-2002-0750",
"CVE-2002-0751",
"CVE-2002-0752",
"CVE-2002-0917",
"CVE-2002-0955",
"CVE-2002-1334",
"CVE-2002-1526",
"CVE-2003-0153",
"CVE-2004-0251",
"CVE-2004-0665",
"CVE-2004-0696",
"CVE-2004-0734"
);
script_bugtraq_id(
1784,
2177,
2197,
4211,
4579,
5078,
6265
);
script_name(english:"Multiple Dangerous CGI Script Detection");
script_set_attribute(attribute:"synopsis", value:
"The remote web server may contain some dangerous CGI scripts.");
script_set_attribute(attribute:"description", value:
"It is possible that the remote web server contains one or more
dangerous CGI scripts.
Note that this plugin does not actually test for the underlying flaws
but instead only searches for scripts with the same name as those with
known vulnerabilities.");
script_set_attribute(attribute:"solution", value:
"Visit http://cve.mitre.org/ and check the associated CVE entry for
each script found. If you are running a vulnerable version, then
delete or upgrade the script.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:ND/RC:ND");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-0734");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(22);
script_set_attribute(attribute:"vuln_publication_date", value:"2001/01/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2003-2022 John Lampe");
script_dependencies("find_service1.nasl", "http_version.nasl");
script_require_keys("Settings/ThoroughTests", "Settings/ParanoidReport");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
include("global_settings.inc");
if ( report_paranoia < 2 || ! thorough_tests )
exit(0, "This plugin is slow and prone to FP: it will only run in 'paranoid' mode and if the 'Perform thorough tests' setting enabled.");
port = get_http_port(default:80, embedded:TRUE);
if ( get_kb_item("www/no404/" + port ) || ! port) exit(0);
if(!get_port_state(port))exit(0);
var cgi;
var cve;
cgi[0] = "AT-admin.cgi"; cve[0] = "CVE-1999-1072";
cgi[1] = "CSMailto.cgi"; cve[1] = "CVE-2002-0749"; # and CVE-2002-0750, CVE-2002-0751, and CVE-2002-0752
cgi[2] = "UltraBoard.cgi"; cve[2] = "CVE-2001-0135";
cgi[3] = "UltraBoard.pl"; cve[3] = cve[2];
cgi[4] = "YaBB.cgi"; cve[4] = "CVE-2002-0955";
cgi[5] = "a1disp4.cgi"; cve[5] = "CVE-2001-0562";
cgi[6] = "alert.cgi"; cve[6] = "CVE-2002-0346";
cgi[7] = "authenticate.cgi"; cve[7] = "CVE-2000-0923";
cgi[8] = "bbs_forum.cgi"; cve[8] = "CVE-2001-0123";
cgi[9] = "bnbform.cgi"; cve[9] = "CVE-1999-0937";
cgi[10] = "bsguest.cgi"; cve[10] = "CVE-2001-0099";
cgi[11] = "bslist.cgi"; cve[11] = "CVE-2001-0100";
cgi[12] = "catgy.cgi"; cve[12] = "CVE-2001-1212";
cgi[13] = "cgforum.cgi"; cve[13] = "CVE-2000-1132";
cgi[14] = "classifieds.cgi"; cve[14] = "CVE-1999-0934";
cgi[15] = "csPassword.cgi"; cve[15] = "CVE-2002-0917";
cgi[16] = "cvsview2.cgi" ; cve[16] = "CVE-2003-0153";
cgi[17] = "cvslog.cgi"; cve[17] = cve[16];
cgi[18] = "multidiff.cgi"; cve[18] = "CVE-2003-0153";
cgi[19] = "dnewsweb.cgi"; cve[19] = "CVE-2000-0423";
cgi[20] = "download.cgi"; cve[20] = "CVE-1999-1377";
cgi[21] = "edit_action.cgi"; cve[21] = "CVE-2001-1196";
cgi[22] = "emumail.cgi"; cve[22] = "CVE-2002-1526";
cgi[23] = "everythingform.cgi"; cve[23] = "CVE-2001-0023";
cgi[24] = "ezadmin.cgi"; cve[24] = "CVE-2002-0263";
cgi[25] = "ezboard.cgi"; cve[25] = "CVE-2002-0263";
cgi[26] = "ezman.cgi"; cve[26] = cve[25];
cgi[27] = "ezadmin.cgi"; cve[27] = cve[25];
cgi[28] = "FileSeek.cgi"; cve[28] = "CVE-2002-0611";
cgi[29] = "fom.cgi"; cve[29] = "CVE-2002-0230";
cgi[30] = "gbook.cgi"; cve[30] = "CVE-2000-1131";
cgi[31] = "getdoc.cgi"; cve[31] = "CVE-2000-0288";
cgi[32] = "global.cgi"; cve[32] = "CVE-2000-0952";
cgi[33] = "guestserver.cgi"; cve[33] = "CVE-2001-0180";
cgi[34] = "imageFolio.cgi"; cve[34] = "CVE-2002-1334";
cgi[35] = "lastlines.cgi"; cve[35] = "CVE-2001-1205";
cgi[36] = "mailfile.cgi"; cve[36] = "CVE-2000-0977";
cgi[37] = "mailview.cgi"; cve[37] = "CVE-2000-0526";
cgi[38] = "sendmessage.cgi"; cve[38] = "CVE-2001-1100";
cgi[39] = "nsManager.cgi"; cve[39] = "CVE-2000-1023";
cgi[40] = "perlshop.cgi"; cve[40] = "CVE-1999-1374";
cgi[41] = "readmail.cgi"; cve[41] = "CVE-2001-1283";
cgi[42] = "printmail.cgi"; cve[42] = cve[41];
cgi[43] = "register.cgi"; cve[43] = "CVE-2001-0076";
cgi[44] = "sendform.cgi"; cve[44] = "CVE-2002-0710";
cgi[45] = "sendmessage.cgi"; cve[45] = "CVE-2001-1100";
cgi[46] = "service.cgi"; cve[46] = "CVE-2002-0346";
cgi[47] = "setpasswd.cgi"; cve[47] = "CVE-2001-0133";
cgi[48] = "simplestmail.cgi"; cve[48] = "CVE-2001-0022";
cgi[49] = "simplestguest.cgi"; cve[49] = cve[48];
cgi[50] = "talkback.cgi"; cve[50] = "CVE-2001-0420";
cgi[51] = "ttawebtop.cgi"; cve[51] = "CVE-2002-0203";
cgi[52] = "ws_mail.cgi"; cve[52] = "CVE-2001-1343";
cgi[53] = "survey.cgi"; cve[53] = "CVE-1999-0936";
cgi[54] = "rxgoogle.cgi"; cve[54] = "CVE-2004-0251";
cgi[55] = "ShellExample.cgi"; cve[55] = "CVE-2004-0696";
cgi[56] = "Web_Store.cgi"; cve[56] = "CVE-2004-0734";
cgi[57] = "csFAQ.cgi"; cve[57] = "CVE-2004-0665";
flag = 0;
directory = "";
mymsg = strcat("\n", "The following dangerous CGI scripts were found :", "\n\n");
for (i = 0 ; cgi[i]; i = i + 1) {
foreach dir (cgi_dirs()) {
if(is_cgi_installed_ka(item:strcat(dir, "/", cgi[i]), port:port)) {
flag = 1;
mymsg = mymsg + strcat(" - ", dir, "/", cgi[i], " (", cve[i], ")\n");
}
}
}
if (flag) {
security_hole(port:port, extra:mymsg);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1283
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0917
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1334
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0734