Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2001-2021 Tenable Network Security, Inc.WEBDRIVER.NASL
HistoryJan 08, 2001 - 12:00 a.m.

Informix webdriver CGI Unauthenticated Database Access

2001-01-0800:00:00
This script is Copyright (C) 2001-2021 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host.

Nessus relied solely on the presence of this CGI; it did not try to determine if the installed version is vulnerable to that problem.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(10592);
 script_version("1.30");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 script_bugtraq_id(2166);

 script_name(english:"Informix webdriver CGI Unauthenticated Database Access");
 script_summary(english:"Checks for the presence of Webdriver");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that may fail to restrict
access to an installed database.");
 script_set_attribute(attribute:"description", value:
"The remote host may be running Informix Webdriver, a web-to-database
interface. If not configured properly, this CGI script may give an
unauthenticated attacker the ability to modify and even delete
databases on the remote host.

Nessus relied solely on the presence of this CGI; it did not try to
determine if the installed version is vulnerable to that problem.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Jan/8");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Jan/49");
 script_set_attribute(attribute:"solution", value:"Consult the product documentation to properly configure the script.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2000/12/29");
 script_set_attribute(attribute:"plugin_publication_date", value:"2001/01/08");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2021 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

res = is_cgi_installed3(port:port, item:"webdriver");
if(res)security_warning(port);
JSON