Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2021 Mathieu PerrinNPH-PUBLISH.NASL
HistoryDec 15, 1999 - 12:00 a.m.

Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write

1999-12-1500:00:00
This script is Copyright (C) 1999-2021 Mathieu Perrin
www.tenable.com
105

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.6%

JSON

The ‘nph-publish.cgi’ is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon (usually root or nobody).

#%NASL_MIN_LEVEL 70300
#
# This script was written by Mathieu Perrin <[email protected]>
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Revised plugin description, removed invalid CVE (4/21/009)

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(10164);
 script_version("1.34");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 script_cve_id("CVE-1999-1177");

 script_name(english:"Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write");
 script_summary(english:"Checks for the presence of /cgi-bin/nph-publish.cgi");

 script_set_attribute(attribute:"synopsis", value:"It may be possible to run arbitrary commands on the remote host.");
 script_set_attribute(attribute:"description", value:
"The 'nph-publish.cgi' is installed. This CGI has a well known security
flaw that lets an attacker to execute arbitrary commands with the
privileges of the HTTP daemon (usually root or nobody).");
 script_set_attribute(attribute:"solution", value:"Remove it from /cgi-bin.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

 script_set_attribute(attribute:"vuln_publication_date", value:"1997/03/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"1999/12/15");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 1999-2021 Mathieu Perrin");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);
res = is_cgi_installed_ka(port:port, item:"nph-publish.cgi");
if( res )security_hole(port);

Related

cvelist 1
cve 1
nvd 1
openvas 2
cvelist
cvelist
CVE-1999-1177
2002-03-09 05:00:00
cve
cve
CVE-1999-1177
2002-03-09 05:00:00
nvd
nvd
CVE-1999-1177
1999-12-31 05:00:00
openvas
openvas
nph-publish.cgi
2005-11-03 00:00:00
nph-publish.cgi
2005-11-03 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

65.6%

JSON
Related for NPH-PUBLISH.NASL
cvelist1cve1nvd1openvas2