Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBMIN_1_850.NASLHistoryMar 22, 2018 - 12:00 a.m.
Webmin < 1.850 Multiple Cross Site Scripting Vulnerabilities
2018-03-2200:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
59.5%
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.850. It is, therefore, affected by multiple cross site scripting vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(108559);
script_version("1.4");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-9313");
script_bugtraq_id(99373);
script_name(english:"Webmin < 1.850 Multiple Cross Site Scripting Vulnerabilities");
script_summary(english:"Checks version of Webmin.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross site scripting
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Webmin install hosted on
the remote host is prior to 1.850. It is, therefore, affected by
multiple cross site scripting vulnerabilities.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/99373");
script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Webmin 1.850 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("webmin.nasl");
script_require_keys("www/webmin", "Settings/ParanoidReport");
script_require_ports("Services/www", 10000);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
app = 'Webmin';
port = get_http_port(default:10000, embedded: TRUE);
get_kb_item_or_exit('www/'+port+'/webmin');
version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
dir = "/";
install_url = build_url(port:port, qs:dir);
fix = "1.850";
if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
report =
'\n URL : ' + install_url +
'\n Version Source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xss:TRUE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Related
cvelist
cvelist
CVE-2017-9313
2017-07-04 02:00:00
prion
prion
Cross site scripting
2017-07-04 02:29:00
openvas
openvas
Webmin Multiple XSS Vulnerabilities (Jul 2017) - Linux
2017-07-11 00:00:00
Webmin Multiple XSS Vulnerabilities (Jul 2017) - Windows
2017-07-11 00:00:00
packetstorm
packetstorm
Webmin 1.840 Cross Site Scripting
2017-07-03 00:00:00
nvd
nvd
CVE-2017-9313
2017-07-04 02:29:00
osv
osv
CVE-2017-9313
2017-07-04 02:29:00
zdt
zdt
Webmin 1.840 Cross Site Scripting Vulnerability
2017-07-04 00:00:00
cve
cve
CVE-2017-9313
2017-07-04 02:29:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
59.5%
Related for WEBMIN_1_850.NASL