Lucene search
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.FOXWEB_DLL.NASLHistoryDec 04, 2003 - 12:00 a.m.
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
2003-12-0400:00:00
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.
www.tenable.com
68
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.2%
The foxweb.dll or foxweb.exe CGI is installed.
Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code.
Since Nessus just verified the presence of the CGI but could not check the version number, this might be a false alarm.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11939);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2003-0762");
script_bugtraq_id(8547);
script_name(english:"Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow");
script_summary(english:"Checks for the presence of foxweb.exe or foxweb.dll");
script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is prone to buffer
overflow attacks.");
script_set_attribute(attribute:"description", value:
"The foxweb.dll or foxweb.exe CGI is installed.
Versions 2.5 and below of this CGI program have a remote stack buffer
overflow. A remote attacker could use this to crash the web server, or
possibly execute arbitrary code.
** Since Nessus just verified the presence of the CGI but could ** not
check the version number, this might be a false alarm.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/vulnwatch/2003/q3/95");
script_set_attribute(attribute:"solution", value:"Unknown at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/12/04");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
script_dependencie("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80);
l = make_list("foxweb.dll", "foxweb.exe");
foreach cgi (l)
{
res = is_cgi_installed3(item:cgi, port:port);
if(res)
{
security_hole(port);
exit(0); # As we might fork, we exit here
}
}
Related
openvas
openvas
foxweb <= 2.5 CGI Buffer Overflow Vulnerability
2005-11-03 00:00:00
cvelist
cvelist
CVE-2003-0762
2022-10-03 16:15:44
cve
cve
CVE-2003-0762
2022-10-03 16:15:44
nvd
nvd
CVE-2003-0762
2003-09-17 04:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.2%
Related for FOXWEB_DLL.NASL