A-A-S Application Access Server Multiple Vulnerabilities

A-A-S Application Access Server multiple security vulnerabilities version 2.0.4

Reporter	Title	Published	Views	Family All 25
Tenable Nessus	A-A-S Application Access Server Default Admin Password	14 May 200900:00	–	nessus
CVE	CVE-2009-1464	14 May 200917:00	–	cve
CVE	CVE-2009-1465	14 May 200917:00	–	cve
CVE	CVE-2009-1466	14 May 200917:00	–	cve
Cvelist	CVE-2009-1464	14 May 200917:00	–	cvelist
Cvelist	CVE-2009-1465	14 May 200917:00	–	cvelist
Cvelist	CVE-2009-1466	14 May 200917:00	–	cvelist
EUVD	EUVD-2009-1462	7 Oct 202500:30	–	euvd
EUVD	EUVD-2009-1463	7 Oct 202500:30	–	euvd
NVD	CVE-2009-1464	14 May 200917:30	–	nvd

Source	Link
securityfocus	www.securityfocus.com/bid/34911

###############################################################################
# OpenVAS Vulnerability Test
# $Id: aas_34911.nasl 4574 2016-11-18 13:36:58Z teissa $
#
# A-A-S Application Access Server Multiple Vulnerabilities
#
# Authors
# Michael Meyer
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "According to its version number, the remote version of A-A-S
  Application Access Server is prone to multiple security issues
  including a cross-site request-forgery vulnerability, an
  insecure-default-password vulnerability and an
  information-disclosure vulnerability.

  Attackers can exploit these issues to run privileged commands on the
  affected computer and gain unauthorized administrative access to the
  affected application and the underlying system.

  These issues affect version 2.0.48; other versions may also be
  affected.";


if (description)
{
 script_id(100197);
 script_version("$Revision: 4574 $");
 script_tag(name:"last_modification", value:"$Date: 2016-11-18 14:36:58 +0100 (Fri, 18 Nov 2016) $");
 script_tag(name:"creation_date", value:"2009-05-12 22:04:51 +0200 (Tue, 12 May 2009)");
 script_bugtraq_id(34911);
 script_cve_id("CVE-2009-1464","CVE-2009-1465","CVE-2009-1466");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

 script_name("A-A-S Application Access Server Multiple Vulnerabilities");


 script_tag(name:"qod_type", value:"remote_banner");
 script_category(ACT_GATHER_INFO);
 script_family("Web application abuses");
 script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
 script_dependencies("aas_detect.nasl");
 script_require_ports("Services/www", 6262);
 script_tag(name : "summary" , value : tag_summary);
 script_xref(name : "URL" , value : "http://www.securityfocus.com/bid/34911");
 exit(0);
}

include("http_func.inc");
include("version_func.inc");

port = get_http_port(default:6262);

if(!get_port_state(port))exit(0);

if(!vers = get_kb_item(string("www/", port, "/aas")))exit(0);

if(!isnull(vers) && vers >!< "unknown") {

  if(version_is_equal(version: vers, test_version: "2.0.48")) {
      security_message(port:port);
      exit(0);
  }  

}

exit(0);

18 Nov 2016 00:00Current

0.9Low risk

Vulners AI Score0.9

EPSS0.00675