10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.4%
The version of op5 Monitor hosted on the remote web server contains an information disclosure vulnerability. In the default configuration, detailed error messages are enabled. An authenticated user, upon triggering an error, will be presented with sensitive data including database credentials, the current user’s hashed password, and SQL statements.
Note that the versions affected by this vulnerability are also affected by CVE-2012-0264, which is an improper session handling vulnerability.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57579);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-0623");
script_bugtraq_id(64608);
script_name(english:"op5 Monitor Credential Leak");
script_summary(english:"Checks the version of op5 Monitor");
script_set_attribute(attribute:"synopsis", value:
"A PHP application hosted on the remote web server discloses
credentials in error messages.");
script_set_attribute(attribute:"description", value:
"The version of op5 Monitor hosted on the remote web server contains
an information disclosure vulnerability. In the default
configuration, detailed error messages are enabled. An authenticated
user, upon triggering an error, will be presented with sensitive data
including database credentials, the current user's hashed password,
and SQL statements.
Note that the versions affected by this vulnerability are also
affected by CVE-2012-0264, which is an improper session handling
vulnerability.");
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24b0cd28");
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fcd924ab");
script_set_attribute(attribute:"solution", value:"Upgrade op5 Monitor to version 5.5.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
script_set_attribute(attribute:"patch_publication_date", value:"2011/12/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/17");
script_set_attribute(attribute:"cpe", value:"cpe:/a:op5:monitor");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_dependencies("op5_monitor_detect.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/op5_monitor");
script_require_ports("Services/www", 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("webapp_func.inc");
# Get details of the op5 Portal install.
port = get_http_port(default:443);
install = get_install_from_kb(appname:"op5_monitor", port:port, exit_on_fail:TRUE);
dir = install["dir"];
version = install["ver"];
url = build_url(port:port, qs:dir + "/");
# If we couldn't detect the version, we can't determine if the remote
# instance is vulnerable.
if (version == UNKNOWN_VER)
exit(0, "The version of op5 Monitor at " + url + " is unknown.");
# Check if the remote instance is vulnerable.
if (version != "5.3.5" && version != "5.4.0" && version != "5.4.2")
exit(0, "The op5 Monitor " + version + " install at " + url + " is not affected.");
# Report our findings.
report = NULL;
if (report_verbosity > 0)
{
report =
'\n URL : ' + url +
'\n Installed version : ' + version +
'\n Fixed version : 5.5.0' +
'\n';
}
security_warning(port:port, extra:report);