nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.EMC_DOCUMENTUM_CONTENT_SERVER_ESA-2015-131_V7_0.NASL
HistoryAug 19, 2015 - 12:00 a.m.

EMC Documentum Content Server Information Disclosure (ESA-2015-131)

2015-08-19 00:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

The version of EMC Documentum Content Server running on the remote host is affected by an information disclosure vulnerability due to passwords being stored as plaintext in log files for users with inline authentication. An authenticated, remote attacker with access to the log files can exploit this to log in using the password of a different user. Note that this issue is present only when RPC tracing is enabled.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration section. When `description` is true, the calls below
# only record the plugin's metadata and the script then leaves through
# exit(0), so none of the check logic after this block runs in that mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(85545);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/22");

  # External identifiers for the issue this plugin reports.
  script_cve_id("CVE-2015-4536");
  script_bugtraq_id(76412);

  script_name(english:"EMC Documentum Content Server Information Disclosure (ESA-2015-131)");
  script_summary(english:"Checks for the Documentum Content Server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an information disclosure
vulnerability.");
  # NOTE(review): the description text below reads "is affected an
  # information disclosure vulnerability" - the word "by" is missing.
  # The text also states the precondition (RPC tracing enabled); nothing
  # in this registration block encodes that precondition as a check.
  script_set_attribute(attribute:"description", value:
"The version of EMC Documentum Content Server running on the remote
host is affected an information disclosure vulnerability due to
passwords being stored as plaintext in log files for users with
inline authentication. An authenticated, remote attacker with access
to the log files can exploit this to login using the password of a
different user. Note that this issue is present only when RPC tracing
is enabled.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2015/Aug/att-86/ESA-2015-131.txt");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in the vendor advisory.");
  # CVSS v2 base vector: network access, medium complexity, single
  # authentication required, partial confidentiality impact, no integrity
  # or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
  # CVSS v2 temporal vector: exploitability unproven, official fix
  # available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4536");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure and patch share the same date; the plugin followed two days
  # later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/19");

  # Declared as a "local" plugin; presumably it relies on install data
  # collected on the host by the dependency listed further down rather than
  # on probing a network service - TODO confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:documentum_content_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # NOTE(review): the family is "Windows"; this file does not show whether
  # installs on other platforms are detected or covered.
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check needs the install record named in the required key; the
  # dependency is presumably the detection plugin that writes it.
  script_dependencies("emc_documentum_content_server_installed.nbin");
  script_require_keys("installed_sw/EMC Documentum Content Server");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("emc_documentum.inc");

# Check logic: look up the detected Content Server install and compare its
# version with the per-branch patch levels listed in `fixes`.
#
# NOTE(review): the check visible here is version-based only. The plugin
# description says the issue exists only when RPC tracing is enabled, and
# nothing in this file inspects that setting, so a finding means "unpatched
# version", not "passwords confirmed in logs" - unless the helper in
# emc_documentum.inc checks more than its arguments suggest (verify there).
# Conversely, patching presumably does not remove passwords that tracing
# already wrote to existing log files; log review and credential rotation
# remain a separate follow-up.

# DOC_APP_NAME is not defined in this file; presumably it comes from
# emc_documentum.inc.
app_name = DOC_APP_NAME;
# exit_if_unknown_ver:TRUE presumably stops the plugin when the install's
# version could not be determined - confirm against the helper.
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);

# One single-element list per release branch (7.0, 7.1, 7.2), each holding a
# patch level written as <branch>P<nn>; presumably the first fixed level.
fixes = make_nested_list(
  make_list("7.0P20"),
  make_list("7.1P18"),
  make_list("7.2P02")
);

# Comparison and reporting are delegated to this helper, which is not
# defined in this file; the result is reported at SECURITY_NOTE level.
documentum_check_and_report(install:install, fixes:fixes, severity:SECURITY_NOTE);
Vendor | Product | Version | CPE
emc | documentum_content_server | | cpe:/a:emc:documentum_content_server