Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.ADOBE_ACROBAT_CVE-2014-5315.NASL
HistorySep 23, 2014 - 12:00 a.m.

Adobe Acrobat Help Page XSS

2014-09-2300:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
23

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

88.0%

JSON

The version of Adobe Acrobat installed on the remote host is a version equal to or prior to 9.5.2. It is, therefore, affected by an input validation error related to the Help page that can allow cross-site scripting attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77813);
  script_version("1.4");
  script_cvs_date("Date: 2018/06/27 18:42:26");

  script_cve_id("CVE-2014-5315");
  script_bugtraq_id(69791);

  script_name(english:"Adobe Acrobat Help Page XSS");
  script_summary(english:"Checks the version of Adobe Acrobat.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Adobe Acrobat on the remote Windows host is affected by
a cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Acrobat installed on the remote host is a version
equal to or prior to 9.5.2. It is, therefore, affected by an input
validation error related to the Help page that can allow cross-site
scripting attacks.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://jvn.jp/en/jp/JVN84376800/index.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Adobe Acrobat 10.1.11 / 11.0.08 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("adobe_acrobat_installed.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Adobe Acrobat");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

app_name = "Adobe Acrobat";
install = get_single_install(app_name:app_name);

version = install['version'];
path    = install['path'];
verui   = install['display_version'];

# Affected :
# <= 9.5.2
if (ver_compare(ver:version, fix:'9.5.2', strict:FALSE) <= 0)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  set_kb_item(name:'www/'+port+'/XSS', value: TRUE);

  if (report_verbosity > 0)
  {
    report = '\n  Path              : '+path+
             '\n  Installed version : '+verui+
             '\n  Fixed version     : 10.1.11 / 11.0.08' +
             '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);
VendorProductVersionCPE
adobeacrobatcpe:/a:adobe:acrobat

Related

jvn 1
nessus 1
openvas 3
cvelist 1
prion 1
cve 1
nvd 1
jvn
jvn
JVN#84376800: Help Page in multiple Adobe products vulnerable to cross-site scripting
2014-09-12 00:00:00
nessus
nessus
Adobe Acrobat Help Page XSS (Mac OS X)
2014-09-23 00:00:00
openvas
openvas
Adobe Acrobat Help Page Cross Site Scripting Vulnerability - Windows
2017-12-29 00:00:00
Adobe ColdFusion Help Page Cross Site Scripting Vulnerability
2017-12-29 00:00:00
Adobe Acrobat Help Page Cross Site Scripting Vulnerability - Mac OS X
2017-12-29 00:00:00
cvelist
cvelist
CVE-2014-5315
2014-09-26 10:00:00
prion
prion
Cross site scripting
2014-09-26 10:55:00
cve
cve
CVE-2014-5315
2014-09-26 10:55:04
nvd
nvd
CVE-2014-5315
2014-09-26 10:55:04

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

88.0%

JSON
Related for ADOBE_ACROBAT_CVE-2014-5315.NASL
jvn1nessus1openvas3cvelist1prion1cve1nvd1