Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 Tenable Network Security, Inc.JRUN_GETDIR.NASL
HistoryFeb 16, 2016 - 12:00 a.m.

Allaire JRun Encoded JSP Request Directory Listing

2016-02-1600:00:00
This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.
www.tenable.com
32

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.012

Percentile

85.7%

JSON

The version of Allaire JRun running on the remote host is affected by an information disclosure vulnerability due to an issue in handling malformed URLs. An unauthenticated, remote attacker can exploit this, via a crafted request, to display a listing of files in arbitrary directories, which may contain sensitive files.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(10814);
  script_version("1.35");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2001-1510");
  script_bugtraq_id(3592);

  script_name(english:"Allaire JRun Encoded JSP Request Directory Listing");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an information disclosure
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Allaire JRun running on the remote host is affected by
an information disclosure vulnerability due to an issue in handling
malformed URLs. An unauthenticated, remote attacker can exploit this,
via a crafted request, to display a listing of files in arbitrary
directories, which may contain sensitive files.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/3689");
  script_set_attribute(attribute:"solution", value:
"Disable directory browsing in each of the applications and refer to
the referenced URL for further steps.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2001/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:macromedia:jrun");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if (thorough_tests)
  dirs = list_uniq(make_list("/images", "/html", cgi_dirs()));
else
  dirs = make_list(cgi_dirs());

dir_lists = get_kb_list('www/'+port+'/content/directory_index');
new_dirs = make_list();

foreach dir (dirs)
{
  foreach dir_list (dirs_list)
  {
    # Skip if the root dir contains a dir listing to avoid a FP situation
    if (dir >< dir_list) continue;
    else new_dirs = make_list(new_dirs, dir);
  }
}

foreach dir (new_dirs)
{
  res = http_send_recv3(
    method : "GET",
    port   : port,
    item   : dir + "/%3f.jsp",
    exit_on_fail : TRUE
  );
  if ( ("Index of" >< res[2]) || ("[To Parent Directory]" >< res[2]) )
  {
    output = strstr(res[2], "Index of");
    if (empty_or_null(output))
      output = strstr(res[2], "[To Parent Directory");
    if (empty_or_null(output))
      output = res[2];

    security_report_v4(
      port         : port,
      generic      : TRUE,
      severity     : SECURITY_WARNING,
      request      : make_list(build_url(qs:dir + "/%3f.jsp", port:port)),
      output       : output
    );
    exit(0);
  }
}
audit(AUDIT_WEB_SERVER_NOT_AFFECTED, port);

Related

nvd 1
openvas 2
cvelist 1
cve 1
nvd
nvd
CVE-2001-1510
2001-12-31 05:00:00
openvas
openvas
Allaire JRun directory browsing vulnerability
2005-11-03 00:00:00
Allaire/Macromedia JRun Directory Browsing Vulnerability (MPSB01-13) - Active Check
2005-11-03 00:00:00
cvelist
cvelist
CVE-2001-1510
2005-07-14 04:00:00
cve
cve
CVE-2001-1510
2005-07-14 04:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.012

Percentile

85.7%

JSON
Related for JRUN_GETDIR.NASL
nvd1openvas2cvelist1cve1