nessusThis script is Copyright (C) 2000-2021 Tenable Network Security, Inc.ALTAVISTA_SEARCH.NASL
HistoryJan 09, 2000 - 12:00 a.m.

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

2000-01-09 00:00:00
This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.
www.tenable.com
14

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.02

Percentile

88.8%

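It is possible to read the content of any file on the remote host (such as configuration files or other sensitive data) through the AltaVista Intranet Search service, by sending its `query` CGI a request whose `mss` parameter contains a directory-traversal sequence. The exact request used for the check appears in the plugin source below.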

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

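# Registration block: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits (exit(0) at
# the end of the block) before any request is sent to a target.
if(description)
{
 # Plugin identity and cross-references to the public advisories.
 script_id(10015);
 script_bugtraq_id(896);
 script_version("1.41");
 script_cve_id("CVE-2000-0039");
 script_name(english:"AltaVista Intranet Search CGI query Traversal Arbitrary File Access");
 script_summary(english:"Checks if query?mss=... reads arbitrary files");

 # Report text shown to the person reading the scan results.
 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a CGI script that is affected by an
information disclosure vulnerability." );
 # The original description stopped at "the request:" without naming it, so
 # the finding read as truncated. The request appended here is the same one
 # the detection code after this block sends.
 script_set_attribute(attribute:"description", value:
"It is possible to read the content of any files on the remote 
host (such as your configuration files or other sensitive data) 
by using the Altavista Intranet Search service, and performing 
the request:

  GET /cgi-bin/query?mss=%2e%2e/config" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Dec/350" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Dec/371" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Jan/15" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Jan/122" );
 script_set_attribute(attribute:"see_also", value:"http://doc.altavista.com/business_solutions/search_products/free_downloads/search_intranet.shtml" );
 script_set_attribute(attribute:"solution", value:
"The vendor has released a patch that reportedly fixes this issue." );

 # CVSS v2 base vector: network-reachable, low complexity, no authentication,
 # partial confidentiality impact only. The temporal vector records
 # E:H (exploitability high), RL:OF (official fix) and RC:C (confirmed).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

 script_set_attribute(attribute:"plugin_publication_date", value: "2000/01/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "1999/12/29");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Scheduling: the plugin is registered in the information-gathering
 # category and in the "CGI abuses" family.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.");
 family["english"] = "CGI abuses";
 script_family(english:family["english"]);

 # Run after service discovery and HTTP version detection, require a web
 # service (or port 80), and honour the "disable CGI scanning" setting.
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}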

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Pick the web service to test; port 80 is the fallback.
port = get_http_port(default:80);

# Single fixed probe: the query CGI under /cgi-bin/ with an encoded parent
# directory reference in the mss parameter. Installations that expose the
# CGI under a different path are not covered by this check.
probe_uri = "/cgi-bin/query?mss=%2e%2e/config";
resp = http_send_recv3(method:"GET", item:probe_uri, port:port);

# No answer from the server: nothing to evaluate, stop quietly.
if (isnull(resp))
  exit(0);

# Status line, headers and body are searched together. The finding is
# reported only when the literal marker "MGMT_PW" comes back (presumably a
# field of the product's config file -- confirm against the advisories).
# A response without the marker is not proof that the host is patched.
haystack = strcat(resp[0], resp[1], '\r\n', resp[2]);
if ("MGMT_PW" >< haystack)
{
  security_warning(port);
  exit(0);
}
