ID WAVEMAKER_STUDIO_NO_AUTH.NASL Type nessus Reporter Tenable Modified 2012-07-19T00:00:00
Description
The version of WaveMaker Studio detected on the remote host does not
require authentication. A remote, unauthenticated attacker could
exploit this to create, modify, and deploy projects.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(60062);
script_version("$Revision: 1.1 $");
script_cvs_date("$Date: 2012/07/19 19:27:21 $");
script_name(english:"WaveMaker Studio Requires No Authentication");
script_summary(english:"Checks KB to see if authentication is required");
script_set_attribute(
attribute:"synopsis",
value:
"A web development application hosted on the remote web server does not
require authentication."
);
script_set_attribute(
attribute:"description",
value:
"The version of WaveMaker Studio detected on the remote host does not
require authentication. A remote, unauthenticated attacker could
exploit this to create, modify, and deploy projects."
);
script_set_attribute(attribute:"see_also", value:"http://dev.wavemaker.com/forums/?q=node/2304");
script_set_attribute(attribute:"see_also", value:"http://dev.wavemaker.com/forums/?q=node/8418");
script_set_attribute(
attribute:"solution",
value:
"Configure WaveMaker Studio to require authentication using one of the
methods in the referenced WaveMaker forum posts."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:vmware:wavemaker");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
script_dependencies("wavemaker_studio_detect.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/wavemaker_studio");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:8094);
get_kb_item_or_exit('www/' + port + '/wavemaker_studio/noauth');
install = get_install_from_kb(appname:'wavemaker_studio', port:port, exit_on_fail:TRUE);
if (report_verbosity > 0)
{
header = 'The following WaveMaker Studio install does not require authentication';
report = get_vuln_report(header:header, port:port, items:install['dir'] + '/');
security_hole(port:port, extra:report);
}
else security_hole(port);
{"id": "WAVEMAKER_STUDIO_NO_AUTH.NASL", "bulletinFamily": "scanner", "title": "WaveMaker Studio Requires No Authentication", "description": "The version of WaveMaker Studio detected on the remote host does not\nrequire authentication. A remote, unauthenticated attacker could\nexploit this to create, modify, and deploy projects.", "published": "2012-07-19T00:00:00", "modified": "2012-07-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60062", "reporter": "Tenable", "references": ["http://dev.wavemaker.com/forums/?q=node/8418", "http://dev.wavemaker.com/forums/?q=node/2304"], "cvelist": [], "type": "nessus", "lastseen": "2019-01-16T20:14:05", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of WaveMaker Studio detected on the remote host does not require authentication. A remote, unauthenticated attacker could exploit this to create, modify, and deploy projects.", "edition": 1, "enchantments": {}, "hash": "91f8f4f3dd853d268b3a1e10f57c648f8c0dd3f2e89560b9fbcb19cd8808b202", "hashmap": [{"hash": "4afa222cf11791de552a0bab1584475b", "key": "description"}, {"hash": "764497b4a2a25664fb6a19e3f9604bc3", "key": "pluginID"}, {"hash": "997eefcadaaa9510004e8d803fe7ef9f", "key": "sourceData"}, {"hash": "33b7e201dcf2e13231aa22398c2e9d23", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6513ef55d3f8f7dcfcfa21c31cc88498", "key": "title"}, {"hash": "a00b3c4d927a64d5592042078fddd9f1", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "242ab1b368433cc5eaefa1ac86deae79", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a00b3c4d927a64d5592042078fddd9f1", "key": "modified"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60062", "id": "WAVEMAKER_STUDIO_NO_AUTH.NASL", "lastseen": "2016-09-26T17:24:02", "modified": "2012-07-19T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "60062", "published": "2012-07-19T00:00:00", "references": ["http://dev.wavemaker.com/forums/?q=node/8418", "http://dev.wavemaker.com/forums/?q=node/2304"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60062);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/07/19 19:27:21 $\");\n\n script_name(english:\"WaveMaker Studio Requires No Authentication\");\n script_summary(english:\"Checks KB to see if authentication is required\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A web development application hosted on the remote web server does not\nrequire authentication.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of WaveMaker Studio detected on the remote host does not\nrequire authentication. A remote, unauthenticated attacker could\nexploit this to create, modify, and deploy projects.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/2304\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/8418\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Configure WaveMaker Studio to require authentication using one of the\nmethods in the referenced WaveMaker forum posts.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:wavemaker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wavemaker_studio_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/wavemaker_studio\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:8094);\nget_kb_item_or_exit('www/' + port + '/wavemaker_studio/noauth');\ninstall = get_install_from_kb(appname:'wavemaker_studio', port:port, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n header = 'The following WaveMaker Studio install does not require authentication';\n report = get_vuln_report(header:header, port:port, items:install['dir'] + '/');\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "title": "WaveMaker Studio Requires No Authentication", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/a:vmware:wavemaker"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of WaveMaker Studio detected on the remote host does not require authentication. A remote, unauthenticated attacker could exploit this to create, modify, and deploy projects.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c2b737c3f8363cf00f5abc7439bd9d786a7402419ae75be889504077cd3ef452", "hashmap": [{"hash": "4afa222cf11791de552a0bab1584475b", "key": "description"}, {"hash": "764497b4a2a25664fb6a19e3f9604bc3", "key": "pluginID"}, {"hash": "738bd217aafeeb386a610f5a15a71b23", "key": "cpe"}, {"hash": "997eefcadaaa9510004e8d803fe7ef9f", "key": "sourceData"}, {"hash": "33b7e201dcf2e13231aa22398c2e9d23", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6513ef55d3f8f7dcfcfa21c31cc88498", "key": "title"}, {"hash": "a00b3c4d927a64d5592042078fddd9f1", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "242ab1b368433cc5eaefa1ac86deae79", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a00b3c4d927a64d5592042078fddd9f1", "key": "modified"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60062", "id": "WAVEMAKER_STUDIO_NO_AUTH.NASL", "lastseen": "2017-10-29T13:36:17", "modified": "2012-07-19T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "60062", "published": "2012-07-19T00:00:00", "references": ["http://dev.wavemaker.com/forums/?q=node/8418", "http://dev.wavemaker.com/forums/?q=node/2304"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60062);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/07/19 19:27:21 $\");\n\n script_name(english:\"WaveMaker Studio Requires No Authentication\");\n script_summary(english:\"Checks KB to see if authentication is required\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A web development application hosted on the remote web server does not\nrequire authentication.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of WaveMaker Studio detected on the remote host does not\nrequire authentication. A remote, unauthenticated attacker could\nexploit this to create, modify, and deploy projects.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/2304\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/8418\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Configure WaveMaker Studio to require authentication using one of the\nmethods in the referenced WaveMaker forum posts.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:wavemaker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wavemaker_studio_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/wavemaker_studio\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:8094);\nget_kb_item_or_exit('www/' + port + '/wavemaker_studio/noauth');\ninstall = get_install_from_kb(appname:'wavemaker_studio', port:port, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n header = 'The following WaveMaker Studio install does not require authentication';\n report = get_vuln_report(header:header, port:port, items:install['dir'] + '/');\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "title": "WaveMaker Studio Requires No Authentication", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 2, "lastseen": "2017-10-29T13:36:17"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "738bd217aafeeb386a610f5a15a71b23"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "1406cbb7eef94475e40d5cd969e49629"}, {"key": "href", "hash": "242ab1b368433cc5eaefa1ac86deae79"}, {"key": "modified", "hash": "a00b3c4d927a64d5592042078fddd9f1"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "764497b4a2a25664fb6a19e3f9604bc3"}, {"key": "published", "hash": "a00b3c4d927a64d5592042078fddd9f1"}, {"key": "references", "hash": "33b7e201dcf2e13231aa22398c2e9d23"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "997eefcadaaa9510004e8d803fe7ef9f"}, {"key": "title", "hash": "6513ef55d3f8f7dcfcfa21c31cc88498"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "72c88a207140d6cf0b4f9371dbda116cde174552345e3eb5c5df8703ce3330a1", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "nessus", "idList": ["WAVEMAKER_STUDIO_DETECT.NASL"]}], "modified": "2019-01-16T20:14:05"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60062);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/07/19 19:27:21 $\");\n\n script_name(english:\"WaveMaker Studio Requires No Authentication\");\n script_summary(english:\"Checks KB to see if authentication is required\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A web development application hosted on the remote web server does not\nrequire authentication.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of WaveMaker Studio detected on the remote host does not\nrequire authentication. A remote, unauthenticated attacker could\nexploit this to create, modify, and deploy projects.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/2304\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.wavemaker.com/forums/?q=node/8418\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Configure WaveMaker Studio to require authentication using one of the\nmethods in the referenced WaveMaker forum posts.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:wavemaker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wavemaker_studio_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/wavemaker_studio\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:8094);\nget_kb_item_or_exit('www/' + port + '/wavemaker_studio/noauth');\ninstall = get_install_from_kb(appname:'wavemaker_studio', port:port, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n header = 'The following WaveMaker Studio install does not require authentication';\n report = get_vuln_report(header:header, port:port, items:install['dir'] + '/');\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "naslFamily": "CGI abuses", "pluginID": "60062", "cpe": ["x-cpe:/a:vmware:wavemaker"]}
{"nessus": [{"lastseen": "2019-01-16T20:14:05", "bulletinFamily": "scanner", "description": "WaveMaker Studio, a WYSIWYG development studio, was detected on the\nremote host. This application is a component of the WaveMaker\ndevelopment platform.", "modified": "2012-07-19T00:00:00", "published": "2012-07-19T00:00:00", "id": "WAVEMAKER_STUDIO_DETECT.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60061", "title": "WaveMaker Studio Detection", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(60061);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/07/19 19:27:21 $\");\n\n script_name(english:\"WaveMaker Studio Detection\");\n script_summary(english:\"Checks web server for wavemaker studio\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"A web development application is hosted on the remote web server.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"WaveMaker Studio, a WYSIWYG development studio, was detected on the\nremote host. This application is a component of the WaveMaker\ndevelopment platform.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.wavemaker.com/product/\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:wavemaker\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 8094);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:8094);\ndir = '/wavemaker';\nurl = dir + '/';\nres = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n\n# If it doesn't look like WaveMaker, it might be because the app is\n# protected with basic auth. in newer versions of wavemaker we can check\n# for the existence of the configuration tool, which is not protected by basic\n# auth (based on the web.xml suggested on the forums), but links to /wavemaker\nif ('<title>WaveMaker Studio</title>' >!< res[2] || 'new StudioApplication(' >!< res[2])\n{\n headers = parse_http_headers(status_line:res[0], headers:res[1]);\n code = headers['$code'];\n\n if (code != 401)\n audit(AUDIT_WEB_FILES_NOT, 'WaveMaker Studio', port);\n\n res = http_send_recv3(method:'GET', item:'/ConfigurationTool/', port:port, exit_on_fail:TRUE);\n if ('<title>StudioConfigure</title>' >!< res[2] || '@import \"/wavemaker/lib/boot/boot.css\"' >!< res[2])\n audit(AUDIT_WEB_FILES_NOT, 'WaveMaker Studio', port);\n\n noauth = FALSE;\n}\nelse noauth = TRUE;\n\nversion = NULL;\n\n# if studio isn't protected by auth, it should be possible to get the version\nif (noauth)\n{\n foreach page (make_list('/pages/Studio/Studio.html', '/lib/WMVersion'))\n {\n # versions can look like 6.4.5GA or 4.0.2.24308-Community\n # for now we'll assume only the numeric portion is interesting\n res = http_send_recv3(method:'GET', item:dir + page, port:port);\n match = eregmatch(string:res[2], pattern:\"Version: ([\\d.]+)\");\n if (isnull(match)) continue;\n \n version = match[1];\n break;\n }\n}\n\ninstall = add_install(appname:'wavemaker_studio', ver:version, port:port, dir:dir);\nif (noauth)\n set_kb_item(name:'www/' + port + '/wavemaker_studio/noauth', value:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_install_report(display_name:'WaveMaker Studio', installs:install, item:'/', port:port);\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}