Vulners
Lucene search
Microsoft Remote Desktop Web Access Detection
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55800);
script_version("1.8");
script_cvs_date("Date: 2020/01/22");
script_name(english:"Microsoft Remote Desktop Web Access Detection");
script_summary(english:"Looks for the login page");
script_set_attribute(
attribute:"synopsis",
value:
"The web interface for an operating system deployment appliance was
detected on the remote host."
);
script_set_attribute(
attribute:"description",
value:
"Remote Desktop Web Access was detected on the remote web server.
This application allows access to RemoteApp and Desktop Connection via
a web browser."
);
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731923(v=ws.11)");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2008:r2");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"hardware_inventory", value:"True");
script_set_attribute(attribute:"os_identification", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_require_ports("Services/www", 443);
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:443);
# currently this app only runs on Windows 2008 R2 (IIS 7.5)
if (report_paranoia < 2)
{
server = http_server_header(port:port);
if (server != 'Microsoft-IIS/7.5')
exit(0, 'The web server on port ' + port + ' doesn\'t look like IIS 7.5');
}
# the locale is in the URL of the login page, so rather than guess it we'll
# request the root dir and assume we'll get redirected
dir = '/RDWeb';
url = dir + '/Pages/default.aspx';
res = http_send_recv3(method:'GET', item:url, port:port, follow_redirect:2, exit_on_fail:TRUE);
if ('>RD Web Access</title>' >!< res[2])
exit(0, 'RD Web Access doesn\'t appear to be on port ' + port);
install = add_install(
appname:'rd_web_access',
dir:dir,
port:port,
cpe: "cpe:/o:microsoft:windows_server_2008:r2"
);
if (report_verbosity > 0)
{
report = get_install_report(
display_name:'Remote Desktop Web Access',
installs:install,
port:port
);
security_note(port:port, extra:report);
}
else security_note(port);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jan 2020 00:00Current
5.6Medium risk
Vulners AI Score5.6