ID BLAZIX_JSP_SOURCE.NASL Type nessus Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. Modified 2005-02-19T00:00:00
Description
The remote host is running the Blazix web server, a web server written
in Java.
The installed version of Blazix discloses the source code of its JSP
pages when a page is requested with a plus sign or a backslash
appended to its name. An attacker may use this flaw to get the
source code of your CGIs and possibly obtain passwords and other
relevant information about this host.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: this branch only declares the plugin's metadata
# (identifiers, report text, scoring, scheduling hints) and then exits, so
# none of the probe code below it runs while `description` is set.
if (description)
{
  # Plugin and advisory identifiers.
  script_id(17151);
  script_bugtraq_id(5566, 5567);
  script_cve_id("CVE-2002-1451");

  script_version("1.16");

  script_name(english:"Blazix Trailing Character JSP Source Disclosure");

  # Report text shown to the operator.
  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an information disclosure
vulnerability." );
  script_set_attribute(attribute:"description", value:
"The remote host is running the Blazix web server, a web server written
in Java.
The installed version of Blazix discloses the source code of its JSP
pages by requesting the pages while appending a plus sign or a
backslash to its name. An attacker may use this flaw to get the
source code of your CGIs and possibly obtain passwords and other
relevant information about this host." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Aug/355" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Blazix 1.2.2 or newer." );

  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # partial confidentiality impact only (a read-only disclosure).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # NOTE(review): RL:U means "remediation unavailable", yet the solution above
  # names a fixed release (1.2.2) - confirm whether RL:OF was intended.
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Timeline and plugin type.
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/19");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Attempts to read the source of a jsp page");

  # Information-gathering category: the check only issues GET requests.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Scheduling: run after service discovery and HTTP version detection, skip
  # when CGI scanning is disabled, and require a web service (or port 80).
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  exit(0);
}
# Check starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
# Web server port to test, with 80 as the default. `port` is a global that
# check() below reads directly rather than receiving it as an argument.
port = get_http_port(default:80);
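# Request `file` from the target (using the global `port`) and report whether
# the response contains a JSP scriptlet opener ("<%"), which indicates that
# the server returned unrendered server-side source instead of executing it.
#
# Returns 1 when the marker is found, 0 otherwise - including when the
# request produced no response at all.
function check(file)
{
  local_var r, res;

  r = http_send_recv3(method:"GET", item:file, port:port);

  # A failed or timed-out request yields no response array; treat that
  # explicitly as "nothing disclosed" instead of indexing into a NULL value.
  if (isnull(r)) return 0;

  # Status line, headers and body are joined and searched as one string.
  # NOTE(review): the marker is matched anywhere in the response, so a page
  # that legitimately prints "<%" would match; the caller compensates by
  # probing only files whose normal response does not contain it.
  res = strcat(r[0], r[1], '\r\n', r[2]);
  if ("<%" >< res) return 1;
  return 0;
}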
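# Only Blazix is in scope. This gate relies on the Server header, so a host
# that hides or rewrites its banner is skipped without being probed (a
# possible false negative that the scan report will not show).
banner = get_http_banner(port:port);
if ("Server: Blazix Java Server" >!< banner) exit(0);

if (get_port_state(port))
{
  # JSP pages already discovered on this port (stored in the knowledge base),
  # or /index.jsp when nothing was recorded.
  files = get_kb_list(string("www/", port, "/content/extensions/jsp"));
  if (isnull(files)) files = make_list("/index.jsp");

  # The plugin description and CVE-2002-1451 name two trailing characters,
  # "+" and backslash. Both are checked so that a front end which filters
  # only one of them does not mask an unpatched server. Single quotes are
  # used for the backslash because that string form processes escapes.
  suffixes = make_list("+", '\\');

  n = 0;
  foreach file (files)
  {
    # Baseline first: skip pages whose normal response already contains "<%",
    # otherwise the marker would prove nothing about the trailing character.
    if (check(file:file) == 0)
    {
      foreach suffix (suffixes)
      {
        probe = str_replace(string:file, find:".jsp", replace:strcat(".jsp", suffix));

        # Nothing was substituted (e.g. a different letter case in the
        # extension): the request would just repeat the baseline.
        if (probe == file) continue;

        if (check(file:probe)) { security_warning(port); exit(0); }
      }
    }

    # Bound the number of pages tested; with the increment before the
    # comparison this stops after the 11th file.
    n++;
    if (n > 10) exit(0);
  }
}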
{"id": "BLAZIX_JSP_SOURCE.NASL", "bulletinFamily": "scanner", "title": "Blazix Trailing Character JSP Source Disclosure", "description": "The remote host is running the Blazix web server, a web server written\nin Java. \n\nThe installed version of Blazix discloses the source code of its JSP\npages by requesting the pages while appending a plus sign or a\nbackslash to its name. An attacker may use this flaw to get the\nsource code of your CGIs and possibly obtain passwords and other\nrelevant information about this host.", "published": "2005-02-19T00:00:00", "modified": "2005-02-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/17151", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["https://seclists.org/bugtraq/2002/Aug/355"], "cvelist": ["CVE-2002-1451"], "type": "nessus", "lastseen": "2021-01-20T09:25:16", "edition": 25, "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-1451"]}, {"type": "osvdb", "idList": ["OSVDB:10466", "OSVDB:10467"]}, {"type": "exploitdb", "idList": ["EDB-ID:21751", "EDB-ID:21752"]}], "modified": "2021-01-20T09:25:16", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-01-20T09:25:16", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(17151);\n script_bugtraq_id(5566, 5567);\n script_cve_id(\"CVE-2002-1451\");\n\n script_version(\"1.16\");\n \n name[\"english\"] = \"Blazix Trailing Character JSP Source Disclosure\";\n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an information disclosure\nvulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is 
running the Blazix web server, a web server written\nin Java. \n\nThe installed version of Blazix discloses the source code of its JSP\npages by requesting the pages while appending a plus sign or a\nbackslash to its name. An attacker may use this flaw to get the\nsource code of your CGIs and possibly obtain passwords and other\nrelevant information about this host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2002/Aug/355\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Blazix 1.2.2 or newer.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/02/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2002/09/24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Attempts to read the source of a jsp page\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"CGI abuses\";\n script_family(english:family[\"english\"]);\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n# Check starts here\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n\nfunction check(file)\n{\n local_var r, res;\n\n r = 
http_send_recv3(method:\"GET\", item:file, port:port);\n res = strcat(r[0], r[1], '\\r\\n', r[2]);\n if(\"<%\" >< res) return 1;\n return 0;\n}\n\nbanner = get_http_banner(port:port);\nif (\"Server: Blazix Java Server\" >!< banner ) exit(0);\n\nif(get_port_state(port))\n{\n files = get_kb_list(string(\"www/\", port, \"/content/extensions/jsp\"));\n if(isnull(files))files = make_list(\"/index.jsp\");\n n = 0;\n foreach file (files)\n {\n if(check(file:file) == 0)\n {\n file = str_replace(string:file, find:\".jsp\", replace:\".jsp+\");\n if(check(file:file)) { security_warning(port); exit(0); }\n }\n n++;\n if(n > 10)exit(0);\n }\n}\n", "naslFamily": "CGI abuses", "pluginID": "17151", "cpe": [], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:37:00", "description": "Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) \"+\" or (2) \"\\\" (backslash) character.", "edition": 3, "cvss3": {}, "published": "2002-08-24T04:00:00", "title": "CVE-2002-1451", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1451"], "modified": "2008-09-05T20:30:00", "cpe": ["cpe:/a:desiderata_software:blazix:1.2", "cpe:/a:desiderata_software:blazix:1.2.1"], "id": "CVE-2002-1451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1451", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:desiderata_software:blazix:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:desiderata_software:blazix:1.2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2002-1451"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 10466](https://vulners.com/osvdb/OSVDB:10466)\nISS X-Force ID: 9952\n[CVE-2002-1451](https://vulners.com/cve/CVE-2002-1451)\nBugtraq ID: 5567\n", "modified": "2002-09-24T00:00:00", "published": "2002-09-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10467", "id": "OSVDB:10467", "type": "osvdb", "title": "Blazix Trailing Character Protected Directory Listing", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2002-1451"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 10467](https://vulners.com/osvdb/OSVDB:10467)\nISS X-Force ID: 9952\n[CVE-2002-1451](https://vulners.com/cve/CVE-2002-1451)\nBugtraq ID: 5567\n", "modified": "2002-09-24T00:00:00", "published": "2002-09-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10466", "id": "OSVDB:10466", "type": "osvdb", "title": "Blazix Trailing Character JSP Source Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-02T17:11:14", "description": "Blazix 1.2 Special Character Handling Server Side Script Information Disclosure. CVE-2002-1451. Remote exploits for multiple platform", "published": "2002-08-24T00:00:00", "type": "exploitdb", "title": "Blazix 1.2 Special Character Handling Server Side Script Information Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1451"], "modified": "2002-08-24T00:00:00", "id": "EDB-ID:21751", "href": "https://www.exploit-db.com/exploits/21751/", "sourceData": "source: http://www.securityfocus.com/bid/5566/info\r\n\r\nBlazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.\r\n\r\nWhen a user passes a request to the web server that ends in either a plus (+) or backslash (\\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file. 
\r\n\r\nhttp://www.example.com/jsptest.jsp+\r\nhttp://www.example.com/jsptest.jsp\\ ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/21751/"}, {"lastseen": "2016-02-02T17:11:24", "description": "Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability. CVE-2002-1451. Remote exploits for multiple platform", "published": "2002-08-25T00:00:00", "type": "exploitdb", "title": "Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1451"], "modified": "2002-08-25T00:00:00", "id": "EDB-ID:21752", "href": "https://www.exploit-db.com/exploits/21752/", "sourceData": "source: http://www.securityfocus.com/bid/5567/info\r\n\r\nBlazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.\r\n\r\nBlazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system. \r\n\r\nhttp://www.example.com/bugtest+/\r\nhttp://www.example.com/bugtest\\/ ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/21752/"}]}