TIBCO JasperReports Server 6.x < 6.2.5 / 6.3.0 / 6.3.2 / 6.3.3 / 6.4.0 / 6.4.2 Information Disclosure (CVE-2018-5430)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(171213);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/09");

  script_cve_id("CVE-2018-5430");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/01/19");

  script_name(english:"TIBCO JasperReports Server 6.x < 6.2.5 / 6.3.0 / 6.3.2 / 6.3.3 / 6.4.0 / 6.4.2 Information Disclosure (CVE-2018-5430)");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote server is affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of TIBCO JasperReports Server running on the remote web server is
6.x < 6.2.5, 6.3.0, 6.3.2, 6.3.3, 6.4.0, or 6.4.2. It is, therefore, affected by an information disclosure vulnerability
in the Spring web flows component that can allow any authenticated user read-only access to the contents of the web
application, including key configuration files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c80288c5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to TIBCO JasperReports Server version 6.2.5 / 6.3.4 / 6.4.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5430");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tibco:jasperreports_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tibco_jasperreports_server_web_detect.nbin");
  script_require_keys("installed_sw/TIBCO JasperReports Server");
  script_require_ports("Services/www", 80, 443, 8080);

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:8080);

var app_info = vcf::get_app_info(app:'TIBCO JasperReports Server', port:port, webapp:TRUE);

var constraints = [
  {'min_version':'6.0', 'fixed_version':'6.2.5'},
  {'equal':'6.3.0', 'fixed_version':'6.3.4'},
  {'min_version':'6.3.2', 'fixed_version':'6.3.4'},
  {'equal':'6.4.0', 'fixed_version':'6.4.3'},
  {'equal':'6.4.2', 'fixed_version':'6.4.3'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);