7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%
The remote host is using owl intranet engine, an open source file sharing utility written in php.
The remote version of this software is vulnerable to various flaws, which may allow an attacker to execute arbitrary SQL statements against the remote database or to perform a cross site scripting attack against third-party users by using the remote server.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(16063);
script_version("1.19");
script_cve_id("CVE-2005-0264", "CVE-2005-0265");
script_bugtraq_id(12114);
script_name(english:"Owl < 0.74.0 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a SQL
injection vulnerability." );
script_set_attribute(attribute:"description", value:
"The remote host is using owl intranet engine, an open source
file sharing utility written in php.
The remote version of this software is vulnerable to various
flaws, which may allow an attacker to execute arbitrary SQL
statements against the remote database or to perform a cross
site scripting attack against third-party users by using the
remote server." );
script_set_attribute(attribute:"solution", value:
"Upgrade to Owl 0.74.0 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/28");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/01");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value: "cpe:/a:owl:owl_intranet_engine");
script_end_attributes();
script_summary(english:"Determines owl is installed");
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/PHP");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if(!can_host_php(port:port)) exit(0);
foreach d ( cgi_dirs() )
{
w = http_send_recv3(method:"GET", item:d + "/browse.php", port:port);
if (isnull(w)) exit(1, "The web server on port "+port+" did not answer");
res = strcat(w[0], w[1], '\r\n', w[2]);
line = egrep(pattern:"<TITLE>Owl Intranet Owl ", string:res);
if ( line )
{
if ( ereg(pattern:".*Owl 0\.([0-6].*|7[0-3])</TITLE>", string:line) )
{
security_hole(port);
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
exit(0);
}
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
owl | owl_intranet_engine | cpe:/a:owl:owl_intranet_engine |