nessus | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. | BADBLUE_REMOTE_ADMINISTRATIVE_ACCESS.NASL
HistoryApr 27, 2003 - 12:00 a.m.

BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass

2003-04-27 00:00:00
This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
www.tenable.com

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS

0.003

Percentile

68.3%

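The remote host is running a version of the BadBlue web server earlier than 2.2.
Such versions are reportedly affected by an authentication bypass vulnerability: an attacker may be able to gain administrative access by requesting a filename with a .ats extension instead of a .hts extension. The check below infers the version from the HTTP Server banner only, so a finding indicates a likely-affected version rather than a confirmed bypass.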

#
# (C) Tenable Network Security, Inc.
#

# Ref:
#  From: "Matthew Murphy" <[email protected]>
#  To: "BugTraq" <[email protected]>
#  Subject: BadBlue Remote Administrative Access Vulnerability
#  Date: Sun, 20 Apr 2003 16:28:18 -0500


include("compat.inc");

# Metadata registration: this branch runs when `description` is set. It only
# declares the plugin's identifiers, report text, scoring and scheduling
# hints, then exits before any of the detection code further down executes.
if(description)
{
 # Plugin id, revision, and the advisory identifiers this check maps to.
 script_id(11554);
 script_version ("1.17");
 script_cve_id("CVE-2003-0332");
 script_bugtraq_id(7387);

 script_name(english:"BadBlue ISAPI Extension .hts Crafted File Extension Request Authentication Bypass");
 # The summary matches what the detection code does: it reads the server
 # version, it does not exercise the bypass.
 script_summary(english:"Get the version of the remote BadBlue server");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an authentication bypass
vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote host is running the BadBlue web server earlier than 2.2.
Such versions are reportedly affected by an authentication bypass
vulnerability. It is possible for an attacker to gain administrative
access using a filename with a .ats extension instead of a .hts
extension." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/vulnwatch/2003/q2/77" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to BadBlue v 2.2 or newer as this reportedly fixes the issue." );
 # CVSS v2 base vector: network reachable, high access complexity, no
 # authentication, complete C/I/A impact. Temporal vector: proof-of-concept
 # exploit, official fix, confirmed report.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 # NOTE(review): the module named here refers to BadBlue 2.5 and an EXT.dll
 # buffer overflow, whereas this plugin describes an authentication bypass
 # fixed in 2.2. The cross-reference looks mismatched and may overstate
 # exploit availability for this specific issue -- verify before relying on
 # it for prioritisation.
 script_set_attribute(attribute:"metasploit_name", value:'BadBlue 2.5 EXT.dll Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 # NOTE(review): vuln_publication_date (2003/05/20) is later than both the
 # plugin publication date (2003/04/27) and the BugTraq post cited in the
 # file header (20 Apr 2003); one of these dates is probably wrong -- confirm.
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/04/27");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/05/20");
 script_cvs_date("Date: 2018/11/15 20:50:25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 # NOTE(review): the detection code in this file only fetches and greps the
 # HTTP banner. ACT_ATTACK looks stronger than that behaviour needs; confirm
 # whether ACT_GATHER_INFO would be the accurate category.
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 # Scheduling hints: presumably the plugin is run only where a web service
 # (or port 80) was found, and after the listed service/HTTP discovery
 # plugins -- confirm against the engine's documentation.
 script_require_ports("Services/www", 80);
 script_dependencies("find_service1.nasl", "http_version.nasl");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Detection is passive and version-based: fetch the HTTP banner for the web
# port and compare the advertised Server version against the affected range.
# The bypass itself is never attempted, so a hit means "banner claims an
# affected version", not "bypass confirmed". A rewritten, stripped or proxied
# Server header will produce a false negative (or a false positive).
port = get_http_port(default:80);

banner = get_http_banner(port:port);
if (!banner)
  exit(0);   # no banner available, nothing to compare

# The pattern flags every 1.x release and every 2.0x / 2.1x release.
# That includes 2.16, which is technically not vulnerable; it could not be
# tested, so it is reported anyway and everyone is advised to move to 2.2.
affected_banner = egrep(pattern:"^Server: BadBlue/(1\.|2\.[0-1])", string:banner);
if (affected_banner)
  security_hole(port);

