ID DEBIAN_DLA-1269.NASL Type nessus Reporter This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2018-02-05T00:00:00
Description
It was discovered that an XHR/AJAX call did not properly encode user
input in the 'dokuwiki' wiki platform. This resulted in a reflected
file download vulnerability.
For Debian 7 'Wheezy', this issue has been fixed in dokuwiki version
0.0.20120125b-2+deb7u2.
We recommend that you upgrade your dokuwiki packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1269-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(106592);
script_version("3.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2017-18123");
script_name(english:"Debian DLA-1269-1 : dokuwiki security update");
script_summary(english:"Checks dpkg output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that an XHR/AJAX call did not properly encode user
input in the 'dokuwiki' wiki platform. This resulted in a reflected
file download vulnerability.
For Debian 7 'Wheezy', this issue has been fixed in dokuwiki version
0.0.20120125b-2+deb7u2.
We recommend that you upgrade your dokuwiki packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/dokuwiki"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade the affected dokuwiki package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dokuwiki");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2018/02/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"dokuwiki", reference:"0.0.20120125b-2+deb7u2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DLA-1269.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1269-1 : dokuwiki security update", "description": "It was discovered that an XHR/AJAX call did not properly encode user\ninput in the 'dokuwiki' wiki platform. This resulted in a reflected\nfile download vulnerability.\n\nFor Debian 7 'Wheezy', this issue has been fixed in dokuwiki version\n0.0.20120125b-2+deb7u2.\n\nWe recommend that you upgrade your dokuwiki packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2018-02-05T00:00:00", "modified": "2018-02-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/106592", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html", "https://packages.debian.org/source/wheezy/dokuwiki"], "cvelist": ["CVE-2017-18123"], "type": "nessus", "lastseen": "2021-01-12T09:39:02", "edition": 17, "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-18123"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891269", "OPENVAS:1361412562310875086", "OPENVAS:1361412562310140814", "OPENVAS:1361412562310875036", "OPENVAS:1361412562310891413"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1413-1:F17EA", "DEBIAN:DLA-1269-1:0F603"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1413.NASL"]}, {"type": "fedora", "idList": ["FEDORA:61EEF604B004", "FEDORA:C17EC60567F7"]}], "modified": "2021-01-12T09:39:02", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-01-12T09:39:02", "rev": 2}, "vulnersScore": 5.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1269-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106592);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-18123\");\n\n script_name(english:\"Debian DLA-1269-1 : dokuwiki security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that an XHR/AJAX call did not properly encode user\ninput in the 'dokuwiki' wiki platform. This resulted in a reflected\nfile download vulnerability.\n\nFor Debian 7 'Wheezy', this issue has been fixed in dokuwiki version\n0.0.20120125b-2+deb7u2.\n\nWe recommend that you upgrade your dokuwiki packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/dokuwiki\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected dokuwiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dokuwiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"dokuwiki\", reference:\"0.0.20120125b-2+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "106592", "cpe": ["p-cpe:/a:debian:debian_linux:dokuwiki", "cpe:/o:debian:debian_linux:7.0"], "scheme": null, "cvss3": {"score": 8.6, "vector": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:13:28", "description": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-03T15:29:00", "title": "CVE-2017-18123", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18123"], "modified": "2018-07-07T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:dokuwiki:dokuwiki:2017-02-19e"], "id": "CVE-2017-18123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18123", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:dokuwiki:dokuwiki:2017-02-19e:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123"], "description": "It was discovered that an XHR/AJAX call did not properly encode user\ninput in the ", "modified": "2020-01-29T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310891269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891269", "type": "openvas", "title": "Debian LTS: Security Advisory for dokuwiki (DLA-1269-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891269\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-18123\");\n script_name(\"Debian LTS: Security Advisory for dokuwiki (DLA-1269-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 00:00:00 +0100 (Wed, 21 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"dokuwiki on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this issue has been fixed in dokuwiki version\n0.0.20120125b-2+deb7u2.\n\nWe recommend that you upgrade your dokuwiki packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that an XHR/AJAX call did not properly encode user\ninput in the 'dokuwiki' wiki platform. This resulted in a reflected file\ndownload vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"dokuwiki\", ver:\"0.0.20120125b-2+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:10:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123"], "description": "The call parameter of /lib/exe/ajax.php in DokuWiki through\n2017-02-19e does not properly encode user input, which leads to a\nreflected file download vulnerability, and allows remote attackers to\nrun arbitrary programs.", "modified": "2020-01-29T00:00:00", "published": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891413", "type": "openvas", "title": "Debian LTS: Security Advisory for dokuwiki (DLA-1413-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891413\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-18123\");\n script_name(\"Debian LTS: Security Advisory for dokuwiki (DLA-1413-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 00:00:00 +0200 (Tue, 10 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"dokuwiki on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.0.20140505.a+dfsg-4+deb8u1.\n\nWe recommend that you upgrade your dokuwiki packages.\");\n\n script_tag(name:\"summary\", value:\"The call parameter of /lib/exe/ajax.php in DokuWiki through\n2017-02-19e does not properly encode user input, which leads to a\nreflected file download vulnerability, and allows remote attackers to\nrun arbitrary programs.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"dokuwiki\", ver:\"0.0.20140505.a+dfsg-4+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-12T17:00:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123"], "description": "The call parameter of /lib/exe/ajax.php in DokuWiki does not properly encode\nuser input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary\nprograms.", "modified": "2020-05-08T00:00:00", "published": "2018-02-27T00:00:00", "id": "OPENVAS:1361412562310140814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140814", "type": "openvas", "title": "DokuWiki Reflected File Download Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# DokuWiki Reflected File Download Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:dokuwiki:dokuwiki\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140814\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-27 10:06:40 +0700 (Tue, 27 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-18123\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"DokuWiki Reflected File Download Vulnerability\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_dokuwiki_detect.nasl\");\n script_mandatory_keys(\"dokuwiki/installed\");\n\n script_tag(name:\"summary\", value:\"The call parameter of /lib/exe/ajax.php in DokuWiki does not properly encode\nuser input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary\nprograms.\");\n\n script_tag(name:\"vuldetect\", value:\"Sends a crafted HTTP GET request and checks the response.\");\n\n script_tag(name:\"affected\", value:\"DokuWiki 2017-02-19e and prior.\");\n\n script_tag(name:\"solution\", value:\"Apply the provided patch.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/splitbrain/dokuwiki/issues/2029\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + '/lib/exe/ajax.php?call=%7c%7c%63%61%6c%63%7c%7c';\n\nif (http_vuln_check(port: port, url: url, pattern: \"AJAX call '\\|\\|calc\\|\\|' unknown!\", check_header: TRUE)) {\n report = http_report_vuln_url(port: port, url: url);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123", "CVE-2016-7964", "CVE-2017-12583", "CVE-2016-7965", "CVE-2017-12979", "CVE-2017-12980"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-20T00:00:00", "id": "OPENVAS:1361412562310875086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875086", "type": "openvas", "title": "Fedora Update for dokuwiki FEDORA-2018-a1bd27f59b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a1bd27f59b_dokuwiki_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dokuwiki FEDORA-2018-a1bd27f59b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875086\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-20 07:53:19 +0200 (Thu, 20 Sep 2018)\");\n script_cve_id(\"CVE-2016-7964\", \"CVE-2016-7965\", \"CVE-2017-12583\", \"CVE-2017-12979\",\n \"CVE-2017-12980\", \"CVE-2017-18123\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dokuwiki FEDORA-2018-a1bd27f59b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dokuwiki'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"dokuwiki on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a1bd27f59b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPNTHW3SYF4KDQE32QW2VENBUJAZDRCD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"dokuwiki\", rpm:\"dokuwiki~20180422a~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123", "CVE-2016-7964", "CVE-2017-12583", "CVE-2016-7965", "CVE-2017-12979", "CVE-2017-12980"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-06T00:00:00", "id": "OPENVAS:1361412562310875036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875036", "type": "openvas", "title": "Fedora Update for dokuwiki FEDORA-2018-be9f4838dd", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_be9f4838dd_dokuwiki_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dokuwiki FEDORA-2018-be9f4838dd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875036\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-06 07:31:21 +0200 (Thu, 06 Sep 2018)\");\n script_cve_id(\"CVE-2016-7964\", \"CVE-2016-7965\", \"CVE-2017-12583\", \"CVE-2017-12979\",\n \"CVE-2017-12980\", \"CVE-2017-18123\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dokuwiki FEDORA-2018-be9f4838dd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dokuwiki'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"dokuwiki on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-be9f4838dd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IU2HDQATJGCT4PFNU5MG6KG37PPXT5QC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"dokuwiki\", rpm:\"dokuwiki~20180422a~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18123"], "description": "Package : dokuwiki\nVersion : 0.0.20120125b-2+deb7u2\nCVE ID : CVE-2017-18123\nDebian Bug : #889281\n\nIt was discovered that an XHR/AJAX call did not properly encode user\ninput in the "dokuwiki" wiki platform. This resulted in a reflected file\ndownload vulnerability.\n\nFor Debian 7 "Wheezy", this issue has been fixed in dokuwiki version\n0.0.20120125b-2+deb7u2.\n\nWe recommend that you upgrade your dokuwiki packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 2, "modified": "2018-02-04T10:51:52", "published": "2018-02-04T10:51:52", "id": "DEBIAN:DLA-1269-1:0F603", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201802/msg00004.html", "title": "[SECURITY] [DLA 1269-1] dokuwiki security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18123"], "description": "Package : dokuwiki\nVersion : 0.0.20140505.a+dfsg-4+deb8u1\nCVE ID : CVE-2017-18123\nDebian Bug : 889281\n\nThe call parameter of /lib/exe/ajax.php in DokuWiki through\n2017-02-19e does not properly encode user input, which leads to a\nreflected file download vulnerability, and allows remote attackers to\nrun arbitrary programs.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.0.20140505.a+dfsg-4+deb8u1.\n\nWe recommend that you upgrade your dokuwiki packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2018-07-05T16:36:51", "published": "2018-07-05T16:36:51", "id": "DEBIAN:DLA-1413-1:F17EA", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00004.html", "title": "[SECURITY] [DLA 1413-1] dokuwiki security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:39:25", "description": "The call parameter of /lib/exe/ajax.php in DokuWiki through\n2017-02-19e does not properly encode user input, which leads to a\nreflected file download vulnerability, and allows remote attackers to\nrun arbitrary programs.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.0.20140505.a+dfsg-4+deb8u1.\n\nWe recommend that you upgrade your dokuwiki packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 21, "cvss3": {"score": 8.6, "vector": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-07-06T00:00:00", "title": "Debian DLA-1413-1 : dokuwiki security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18123"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:dokuwiki"], "id": "DEBIAN_DLA-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/110926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1413-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110926);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-18123\");\n\n script_name(english:\"Debian DLA-1413-1 : dokuwiki security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The call parameter of /lib/exe/ajax.php in DokuWiki through\n2017-02-19e does not properly encode user input, which leads to a\nreflected file download vulnerability, and allows remote attackers to\nrun arbitrary programs.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.0.20140505.a+dfsg-4+deb8u1.\n\nWe recommend that you upgrade your dokuwiki packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/dokuwiki\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected dokuwiki package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dokuwiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"dokuwiki\", reference:\"0.0.20140505.a+dfsg-4+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7964", "CVE-2016-7965", "CVE-2017-12583", "CVE-2017-12979", "CVE-2017-12980", "CVE-2017-18123"], "description": "DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at crea ting documentation of any kind. It has a simple but powerful syntax which makes sure the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no database is required. ", "modified": "2018-09-06T03:13:15", "published": "2018-09-06T03:13:15", "id": "FEDORA:C17EC60567F7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: dokuwiki-20180422a-1.fc28", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7964", "CVE-2016-7965", "CVE-2017-12583", "CVE-2017-12979", "CVE-2017-12980", "CVE-2017-18123"], "description": "DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at crea ting documentation of any kind. It has a simple but powerful syntax which makes sure the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no database is required. ", "modified": "2018-09-20T05:17:27", "published": "2018-09-20T05:17:27", "id": "FEDORA:61EEF604B004", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: dokuwiki-20180422a-2.fc27", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}