| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2010-0284 | 18 Jun 201016:00 | – | cve | |
| CVE-2010-0284 | 18 Jun 201016:00 | – | cvelist | |
| Novell iManager File Upload | 27 Apr 201200:00 | – | dsquare | |
| EUVD-2010-0315 | 7 Oct 202500:30 | – | euvd | |
| Novell 'modulemanager' Servlet Arbitrary File Upload (intrusive check) | 1 Jul 201000:00 | – | nessus | |
| CVE-2010-0284 | 18 Jun 201016:30 | – | nvd | |
| Directory traversal | 18 Jun 201016:30 | – | prion | |
| ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability | 23 Jun 201000:00 | – | securityvulns | |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 23 Jun 201000:00 | – | securityvulns | |
| Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability | 21 Jun 201000:00 | – | zdi |
| Source | Link |
|---|---|
| zerodayinitiative | www.zerodayinitiative.com/advisories/ZDI-10-112/ |
| nessus | www.nessus.org/u |
| zerodayinitiative | www.zerodayinitiative.com/advisories/ZDI-10-190/ |
| support | www.support.microfocus.com/kb/doc.php |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(47582);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2010-0284");
script_bugtraq_id(40931, 43635);
script_xref(name:"Secunia", value:"40198");
script_xref(name:"Secunia", value:"41687");
script_name(english:"Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)");
script_summary(english:"Checks if the affected servlet does not require authentication");
script_set_attribute(
attribute:"synopsis",
value:
"A web application on the remote host has an arbitrary file upload
vulnerability."
);
script_set_attribute(
attribute:"description",
value:
"The Administration Console component of Novell Access Manager or
Novell iManager running on the remote web server has an arbitrary
file upload vulnerability. Sending a specially crafted multipart
POST request to '/nps/servlet/modulemanager' results in the upload
of arbitrary data. Specifying a destination filename that contains
a directory traversal string allows an attacker to write arbitrary
files as SYSTEM. Only Windows installs are affected.
A remote attacker could exploit this to upload arbitrary files to the
system, resulting in remote code execution.
Since safe checks are enabled, Nessus fingerprinted the vulnerable
servlet by sending innocuous requests and checking the HTTP response
codes."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.zerodayinitiative.com/advisories/ZDI-10-112/"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?223e218b"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.zerodayinitiative.com/advisories/ZDI-10-190/"
);
script_set_attribute(
attribute:"see_also",
value:"https://support.microfocus.com/kb/doc.php?id=7006515"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade to Access Manager 3.1 SP2 / iManager 2.7 ftf3 or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"Novell iManager File Upload");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Novell iManager getMultiPartParameters Arbitrary File Upload');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date",value:"2010/06/10");
script_set_attribute(attribute:"patch_publication_date",value:"2010/06/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_dependencies("os_fingerprint.nasl", "http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 8443);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
# Unless we're paranoid, bail out if OS has been determined and is not Windows
if (report_paranoia < 2)
{
os = get_kb_item('Host/OS');
if (os && 'Windows' >!< os)
exit(0, 'Only Windows hosts are affected.');
}
port = get_http_port(default:8443);
function get_http_code()
{
local_var res, headers, http_code;
res = _FCT_ANON_ARGS[0];
if (isnull(res)) return NULL;
headers = parse_http_headers(status_line:res[0], headers:res[1]);
if (isnull(headers)) exit(1, 'Error parsing HTTP headers on port '+port+'.');
http_code = headers['$code'];
if (isnull(http_code)) exit(1, "Error parsing HTTP response code");
return http_code;
}
# key - query string, value - expected http response code
tests = make_array(
'?MODULE_PATH=/etc/passwd&'+SCRIPT_NAME+'='+unixtime(), 400,
'', 417
);
servlet = '/nps/servlet/modulemanager';
foreach qs (keys(tests))
{
url = servlet + qs;
expected_code = tests[qs];
res = http_send_recv3(method:'GET', port:port, item:url, exit_on_fail:TRUE);
code = get_http_code(res);
if (code != expected_code)
exit(0, 'The server on port '+port+' is not affected.');
}
security_hole(port);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation