Lucene search
This script is Copyright (C) 2003-2021 John LampeNDCGI.NASLHistoryJun 11, 2003 - 12:00 a.m.
Netdynamics ndcgi.exe Previous User Session Replay
2003-06-1100:00:00
This script is Copyright (C) 2003-2021 John Lampe
www.tenable.com
57
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.032
Percentile
91.2%
The file ndcgi.exe exists on this web server. Some versions of this file are vulnerable to remote exploit.
As Nessus solely relied on the existence of the ndcgi.exe file, this might be a false positive
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#
# Changes by Tenable:
# - Revised plugin title (4/20/009)
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11730);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2001-0922");
script_bugtraq_id(3583);
script_name(english:"Netdynamics ndcgi.exe Previous User Session Replay");
script_summary(english:"Checks for the ndcgi.exe file");
script_set_attribute(attribute:"synopsis", value:"User sessions may be hijacked on the remote host.");
script_set_attribute(attribute:"description", value:
"The file ndcgi.exe exists on this web server. Some versions of this
file are vulnerable to remote exploit.
As Nessus solely relied on the existence of the ndcgi.exe file, this
might be a false positive");
script_set_attribute(attribute:"solution", value:"Remove it from /cgi-bin.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=100681274915525&w=2");
script_set_attribute(attribute:"vuln_publication_date", value:"2001/11/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
flag = 0;
directory = "";
no404 = get_kb_item("www/no404/" + port );
foreach dir (cgi_dirs()) {
if(is_cgi_installed_ka(item:string(dir, "/ndcgi.exe"), port:port)) {
if(no404 && is_cgi_installed_ka(item:string(dir, "/nessus" + rand() + ".exe"), port:port)) exit(0);
flag = 1;
directory = dir;
break;
}
}
if (flag) security_hole(port);
Related
cve
cve
CVE-2001-0922
2002-02-02 05:00:00
openvas
openvas
ndcgi.exe Remote Vulnerability
2005-11-03 00:00:00
cvelist
cvelist
CVE-2001-0922
2002-02-02 05:00:00
nvd
nvd
CVE-2001-0922
2001-11-26 05:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.032
Percentile
91.2%
Related for NDCGI.NASL