nessusThis script is Copyright (C) 2004-2022 Tenable Network Security, Inc.WEBLOGIC_MULTIPLE_VULNS.NASL
HistorySep 14, 2004 - 12:00 a.m.

WebLogic < 8.1 SP3 Multiple Vulnerabilities

2004-09-1400:00:00
This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.
www.tenable.com
94

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

77.0%

According to its banner, the remote web server is BEA WebLogic version 8.1 SP2 or older. Such versions have multiple vulnerabilities that may allow unauthorized access to the remote host or let an attacker retrieve the content of the remote JSP scripts.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration pass: when the engine runs the plugin with `description` set,
# only this block executes. It declares the plugin's identity, references,
# scoring and scheduling requirements, then exits before any check code runs.
if (description)
{
  script_id(14722);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # External references for the issue this plugin reports.
  script_cve_id("CVE-2004-2320");
  script_bugtraq_id(11168);
  script_xref(name:"CERT", value:"867593");

  script_name(english:"WebLogic < 8.1 SP3 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple flaws.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote web server is BEA WebLogic version
8.1 SP2 or older.  There are multiple vulnerabilities in such versions
that may allow unauthorized access on the remote host or to get the
content of the remote JSP scripts.");
  script_set_attribute(attribute:"see_also", value:"https://securitytracker.com/id/1008866");
  script_set_attribute(attribute:"solution", value:
"Apply Service Pack 3 on WebLogic 8.1.");
  # NOTE(review): this base vector (AC:L, C:C, I:N) is not the same as the
  # CVSS2 vector AV:N/AC:M/Au:N/C:P/I:P/A:N that the hosting page lists for
  # this entry; confirm which one downstream risk scoring should rely on.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # NOTE(review): only CWE-200 (information exposure) is tagged, although the
  # description text also mentions unauthorized access - confirm the mapping.
  script_cwe_id(200);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/14");

  # "remote" plugin type: the verdict is formed over the network, without
  # credentials on the target.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  # Declared as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.");

  # Scheduling: run after weblogic_detect.nasl, and only when the
  # "www/weblogic" knowledge-base key is present and a web port is known.
  script_dependencies("weblogic_detect.nasl");
  script_require_keys("www/weblogic");
  script_require_ports("Services/www", 80, 7001);

  # End the registration pass here so the check code below is not executed.
  exit(0);
}

#

include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("http.inc");

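# Banner-only check: the verdict comes entirely from the version and service
# pack advertised in the HTTP "Server:" header. Nothing is sent to confirm the
# flaws themselves, so a suppressed or rewritten banner can make the result
# wrong in either direction; treat a finding as a prompt to verify the
# installed patch level on the host.
appname = "WebLogic";
get_kb_item_or_exit("www/weblogic");
port = get_http_port(default:80);
version = get_kb_item_or_exit("www/weblogic/" + port + "/version");
banner = get_http_banner(port:port);

# Keep "no determination was possible" apart from "not affected": a missing
# banner, or one that does not mention WebLogic, must not be logged as a
# non-vulnerable version in the audit trail.
if (!banner) audit(AUDIT_NO_BANNER, port);
if ("WebLogic " >!< banner) audit(AUDIT_WRONG_WEB_SERVER, port, appname);

vuln = FALSE;

# Version token on the Server line; a space must follow it.
# NOTE(review): the ".*" in front of the capture group is greedy, so the
# capture is the right-most "N.N " token on the line and a leading digit can
# be absorbed by ".*" (e.g. "8.1.0 " would be captured as "1.0") - confirm
# against the banner formats this plugin is expected to meet.
pat = "^Server:.*WebLogic .*([0-9]+\.[0-9.]+) ";

# Service-pack token. The digits may be followed by a space or by the end of
# the line, so a banner that ends right after "SP3" is still read as SP3
# instead of falling back to SP0 and being flagged.
sp_pat = ".* (Service Pack |SP)([0-9]+)( |$)";

matches = egrep(pattern:pat, string:banner);
if (matches) {
  foreach match (split(matches)) {
    match = chomp(match);
    ver = eregmatch(pattern:pat, string:match);
    if (!isnull(ver)) {
      # Extract the version and service pack numbers.
      nums = split(ver[1], sep:".", keep:FALSE);
      ver_maj = int(nums[0]);
      ver_min = int(nums[1]);

      # No service-pack token on the line means the base release (SP0).
      sp = 0;
      sp_match = eregmatch(pattern:sp_pat, string:match);
      if (!isnull(sp_match)) sp = int(sp_match[2]);

      # Check them against vulnerable versions listed in BEA's advisories.
      # 6.x and 7.x releases are flagged as well, although the plugin name
      # and the solution text mention only 8.1 SP3.
      if (
        # version 6.x: anything before 6.1, and 6.1 up to SP6
        (
          ver_maj == 6 &&
          (
            ver_min < 1 ||
            (ver_min == 1 && sp <= 6)
          )
        ) ||

        # version 7.x: 7.0 up to SP5
        (ver_maj == 7 && (ver_min == 0 && sp <= 5)) ||

        # version 8.x: anything before 8.1, and 8.1 up to SP2
        (
          ver_maj == 8 &&
          (
            ver_min < 1 ||
            (ver_min == 1 && sp <= 2)
          )
        )
      ) vuln = TRUE;
    }
  }
}

if (vuln)
{
  security_hole(port);
  exit(0);
}
# Reached when no Server line advertised an affected version, including the
# case where no version could be parsed from the banner at all.
audit(AUDIT_INST_VER_NOT_VULN, appname, version);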
