Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SYMANTEC_DCS_CVE_2014_7289.NASL
HistoryFeb 26, 2015 - 12:00 a.m.

Symantec Data Center Security Server SQLi (SYM15-001)

2015-02-2600:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.5%

JSON

The remote Symantec Data Center Security Server running on the remote host is affected by a SQL injection vulnerability in the ‘/sis-ui/authenticate’ script on the web console interface. A remote attacker, using a crafted HTTP request, can exploit this to execute SQL queries, allowing the disclosure or modification of arbitrary data.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81549);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-7289");
  script_bugtraq_id(72092);

  script_name(english:"Symantec Data Center Security Server SQLi (SYM15-001)");
  script_summary(english:"Attempts to exploit the SQL Injection vulnerability.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a SQL injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Symantec Data Center Security Server running on the remote
host is affected by a SQL injection vulnerability in the
'/sis-ui/authenticate' script on the web console interface. A remote
attacker, using a crafted HTTP request, can exploit this to execute
SQL queries, allowing the disclosure or modification of arbitrary
data.");
  # https://support.symantec.com/en_US/article.SYMSA1311.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0364a137");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Symantec Data Center Security version 6.0 MP1, and apply
the protection policy modifications described in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-7289");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:symantec:critical_system_protection");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("symantec_dcs_console_interface_detect.nbin", "http_version.nasl");
  script_require_keys("installed_sw/Symantec Data Center Security Server Console");
  script_require_ports("Services/www", 4443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
include("charset_func.inc");

function unicode (str)
{
  local_var retval, i;
  retval = '';
  for (i=0; i<strlen(str); i++)
    retval += str[i] + '\x00';
  return retval;
}

appname = 'Symantec Data Center Security Server Console';
get_install_count(app_name:appname, exit_if_zero:TRUE);

port = get_http_port(default:4443);

get_single_install(app_name:appname, port:port);

req_head = 'Data-Format=text/plain\n'+
           'Data-Type=properties\n'+
           'Data-Length=';

req_args = unicode(str:'ai=1\r\nun=\'\r\npwd=\r\n');
req = req_head + strlen(req_args) + '\n\n' + req_args + '\nEOF_FLAG\n';

res = http_send_recv3(method       : "POST",
                      port         : port,
                      add_headers  : make_array("AppFire-Format-Version", "1.0",
                                                "AppFire-Charset"       , "UTF-16LE",
                                                "Content-Type"          , "application/x-appfire"),
                      item         : "/sis-ui/authenticate",
                      data         : req,
                      exit_on_fail : TRUE);

if(tolower(res[1]) =~ "content-type\s*:\s*application/x-appfire" &&
   "java.sql.SQLException: Invalid SQL statement or JDBC escape, terminating ''' not found." >< get_ascii_printable(string:res[2]))
{
  set_kb_item(name:'www/' + port + '/SQLInjection', value:TRUE);
  if(report_verbosity > 0)
  {
    http_req = http_last_sent_request();

    for (i=0; i<strlen(http_req); i++)
      if(!is_ascii_printable(http_req[i])) http_req[i] = '.';

    report = '\nNessus was able to verify the vulnerability exists with the following HTTP request :\n' +
             '\n' + crap(data:"-", length:30) + " snip " + crap(data:"-", length:30) + '\n' +
             http_req +
             '\n' + crap(data:"-", length:30) + " snip " + crap(data:"-", length:30) + '\n';

    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, build_url(port:port, qs:'/sis-ui/'));
VendorProductVersionCPE
symanteccritical_system_protectioncpe:/a:symantec:critical_system_protection

Related

cve 1
nvd 1
cvelist 1
prion 1
exploitpack 1
zdt 1
securityvulns 2
packetstorm 1
symantec 1
exploitdb 1
nessus 1
cve
cve
CVE-2014-7289
2015-01-21 15:17:02
nvd
nvd
CVE-2014-7289
2015-01-21 15:17:02
cvelist
cvelist
CVE-2014-7289
2015-01-21 11:00:00
prion
prion
Sql injection
2015-01-21 15:17:00
exploitpack
exploitpack
Symantec Data Center Security - Multiple Vulnerabilities
2015-01-26 00:00:00
zdt
zdt
Symantec Data Center Security - Multiple Vulnerabilities
2015-01-22 00:00:00
securityvulns
securityvulns
Symantec Data Center Security: Server Advanced &#40;SDCS:SA&#41; &amp; SCSP security vulnerabilities
2015-01-25 00:00:00
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced &#40;SDCS:SA&#41; &amp; SCSP
2015-01-25 00:00:00
packetstorm
packetstorm
Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure
2015-01-22 00:00:00
symantec
symantec
Symantec Data Center Security: Server Advanced, Multiple Security Issues on Management Server and Pr
2015-01-19 08:00:00
exploitdb
exploitdb
Symantec Data Center Security - Multiple Vulnerabilities
2015-01-26 00:00:00
nessus
nessus
Symantec Critical System Protection 5.2.9.x < 5.2.9 MP6 Multiple Vulnerabilities (SYM15-001 / SYM16-009)
2015-01-22 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for SYMANTEC_DCS_CVE_2014_7289.NASL
cve1nvd1cvelist1prion1exploitpack1zdt1securityvulns2packetstorm1symantec1exploitdb1nessus1