CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%
According to its self-reported version, the instance of Apache Archiva hosted on the remote web server is 1.2.x prior than or equal to 1.2.2 or 1.3.x prior than or equal to 1.3.6 and thus is affected by the following vulnerabilities :
An input validation error exists related to unspecified scripts and unspecified parameters that could allow cross-site scripting attacks.
(CVE-2013-2187)
Input validation errors exist related to the bundled version of Apache Struts that could allow arbitrary Object-Graph Navigation Language (OGNL) expression execution via specially crafted requests.
(CVE-2013-2251)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(73761);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2013-2187", "CVE-2013-2251");
script_bugtraq_id(61189, 66991, 66998);
script_xref(name:"EDB-ID", value:"27135");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
script_name(english:"Apache Archiva 1.2.x <= 1.2.2 / 1.3.x <= 1.3.6 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts an application that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of Apache Archiva
hosted on the remote web server is 1.2.x prior than or equal to 1.2.2
or 1.3.x prior than or equal to 1.3.6 and thus is affected by the
following vulnerabilities :
- An input validation error exists related to
unspecified scripts and unspecified parameters that
could allow cross-site scripting attacks.
(CVE-2013-2187)
- Input validation errors exist related to the bundled
version of Apache Struts that could allow arbitrary
Object-Graph Navigation Language (OGNL) expression
execution via specially crafted requests.
(CVE-2013-2251)");
script_set_attribute(attribute:"see_also", value:"http://archiva.apache.org/security.html");
script_set_attribute(attribute:"see_also", value:"http://commons.apache.org/proper/commons-ognl/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Archiva 1.3.8 / 2.0.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2251");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/16");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:archiva");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("archiva_detect.nasl");
script_require_keys("www/archiva");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 8080);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:8080, embedded:FALSE);
install = get_install_from_kb(appname:'archiva', port:port, exit_on_fail:TRUE);
dir = install['dir'];
install_url = build_url(port:port, qs:dir+'/index.action');
version = install['ver'];
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, "Apache Archiva", install_url);
if (version !~ "^1\.[23]($|\.)") audit(AUDIT_WEB_APP_NOT_INST, "Apache Archiva 1.2.x / 1.3.x", port);
# Affected (per NVD) :
# 1.2.x <= 1.2.2
# 1.3.x <= 1.3.6
# Fixed (per vendor) :
# 1.3.8
# 2.0.1
if (
version =~ "^1\.2($|[^0-9.])" ||
version =~ "^1\.2\.[012]($|[^0-9])" ||
version =~ "^1\.3($|[^0-9.])" ||
version =~ "^1\.3\.[0-6]($|[^0-9])"
)
{
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
if (report_verbosity > 0)
{
report =
'\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : 1.3.8 / 2.0.1' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "Apache Archiva", install_url, version);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%