Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.THTTPD_BUG.NASL
HistoryJun 22, 1999 - 12:00 a.m.

thttpd Double Slash Request Arbitrary File Access

1999-06-2200:00:00
This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
44

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON

The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name.

For instance, ‘GET //etc/passwd’ will return the contents of the remote file ‘/etc/passwd’.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10286);
 script_version ("1.36");
 script_cvs_date("Date: 2018/08/15 16:35:43");
 script_cve_id("CVE-1999-1456");
 
 script_name(english:"thttpd Double Slash Request Arbitrary File Access");
 
 script_set_attribute(attribute:"synopsis", value:
"It is possible to use the remote web server to read arbitrary files on the
remote system." );
 script_set_attribute(attribute:"description", value:
"The remote HTTP server allows an attacker to read arbitrary files
on the remote host with the privileges of the web server, simply by 
adding a slash in front of its name. 

For instance, 'GET //etc/passwd' will return the contents of the
remote file '/etc/passwd'." );
 script_set_attribute(attribute:"solution", value:
"Upgrade your web server or change it." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

 script_set_attribute(attribute:"plugin_publication_date", value: "1999/06/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 summary["english"] = "check thttpd for /etc/passwd";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Web Servers");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

w = http_send_recv3(method:"GET", item:"/etc/passwd", port:port);
if (isnull(w)) exit(1, "the web server did not answer");
rep = w[2];

if (egrep(pattern:".*root:.*:0:[01]:.*", string:rep))exit(0);

u = "//etc/passwd";
w = http_send_recv3(method:"GET", item:u, port:port);
if (isnull(w)) exit(1, "the web server did not answer");
rep = w[2];

if (egrep(pattern:".*root:.*:0:[01]:.*", string:rep))
  security_warning(port:port, extra: 
strcat('GET ', u, ' returns :\n\n', rep, 
 '\nClicking on this URL may show the flaw :\n', 
 build_url(qs: u, port:port), '\n'));

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-1999-1456
2002-03-09 05:00:00
cve
cve
CVE-1999-1456
2002-03-09 05:00:00
nvd
nvd
CVE-1999-1456
1999-12-31 05:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for THTTPD_BUG.NASL
cvelist1cve1nvd1