5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.019 Low
EPSS
Percentile
88.7%
The Thunderstone Software TEXIS application running on the remote host is affected by an information disclosure vulnerability that allows an unauthenticated, remote attacker to obtain the full path of the web root directory by making a specially crafted request for a nonexistent file.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(11401);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2002-0266");
script_bugtraq_id(4035);
script_xref(name:"EDB-ID", value:"21276");
script_name(english:"Thunderstone Software TEXIS Nonexistent File Request Path Disclosure");
script_summary(english:"Checks for TEXIS path disclosure.");
script_set_attribute(attribute:"synopsis", value:
"A CGI application running on the remote host is affected by an
information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The Thunderstone Software TEXIS application running on the remote
host is affected by an information disclosure vulnerability that
allows an unauthenticated, remote attacker to obtain the full path of
the web root directory by making a specially crafted request for a
nonexistent file.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Feb/66");
script_set_attribute(attribute:"solution", value:
"Upgrade Thunderstone Software TEXIS to the latest version.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:thunderstone_software:texis");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
#
# The script code starts here
#
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
vuln = FALSE;
files = make_list("texis.exe", "texis.cgi", "texis");
file404 = "/" + rand_str() + "-" + SCRIPT_NAME - ".nasl";
file_regex = "Can't open source file (.*): No such file";
foreach dir (cgi_dirs())
{
foreach file (files)
{
url = "/" + file + file404;
res = http_send_recv3(
method : "GET",
item : dir + url,
port : port,
exit_on_fail : TRUE
);
if(
("Texis Web Script" >< res[2]) &&
egrep(pattern:file_regex, string:res[2], icase:TRUE)
)
{
vuln = TRUE;
break;
}
}
}
if (vuln)
{
output = strstr(res[2], "Texis Web Script");
if (empty_or_null(output)) output = res[2];
security_report_v4(
port : port,
severity : SECURITY_WARNING,
generic : TRUE,
request : make_list(build_url(qs:dir + url, port:port)),
output : chomp(output)
);
exit(0);
}
else
audit(AUDIT_WEB_SERVER_NOT_AFFECTED, port);
Vendor | Product | Version | CPE |
---|---|---|---|
thunderstone_software | texis | cpe:/a:thunderstone_software:texis |