Lucene search
A-A-S Application Access Server Multiple Vulnerabilities
🗓️ 12 May 2009 00:00:00Reported by This script is Copyright (C) 2009 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 30 Views
A-A-S Application Access Server multiple security vulnerabilities version 2.0.4
Show more
| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
 | Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities | 13 May 200900:00 | – | securityvulns |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 13 May 200900:00 | – | securityvulns |
| A-A-S Application Access Server <= 2.0.48 Multiple Vulnerabilities | 12 May 200900:00 | – | openvas |
| Ubuntu USN-774-1 (moin) | 5 Jun 200900:00 | – | openvas |
| Ubuntu USN-772-1 (mpfr) | 5 Jun 200900:00 | – | openvas |
| Ubuntu USN-771-1 (libmodplug) | 5 Jun 200900:00 | – | openvas |
| Ubuntu USN-773-1 (pango1.0) | 5 Jun 200900:00 | – | openvas |
 | Klinzmann A-A-S XSRF / Code Execution | 13 May 200900:00 | – | packetstorm |
| Klinzmann A-A-S 2.0.48 XSRF Exploit | 13 May 200900:00 | – | packetstorm |
 | CVE-2009-1465 | 14 May 200917:00 | – | cvelist |
10
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/34911 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: aas_34911.nasl 4574 2016-11-18 13:36:58Z teissa $
#
# A-A-S Application Access Server Multiple Vulnerabilities
#
# Authors
# Michael Meyer
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_summary = "According to its version number, the remote version of A-A-S
Application Access Server is prone to multiple security issues
including a cross-site request-forgery vulnerability, an
insecure-default-password vulnerability and an
information-disclosure vulnerability.
Attackers can exploit these issues to run privileged commands on the
affected computer and gain unauthorized administrative access to the
affected application and the underlying system.
These issues affect version 2.0.48; other versions may also be
affected.";
if (description)
{
script_id(100197);
script_version("$Revision: 4574 $");
script_tag(name:"last_modification", value:"$Date: 2016-11-18 14:36:58 +0100 (Fri, 18 Nov 2016) $");
script_tag(name:"creation_date", value:"2009-05-12 22:04:51 +0200 (Tue, 12 May 2009)");
script_bugtraq_id(34911);
script_cve_id("CVE-2009-1464","CVE-2009-1465","CVE-2009-1466");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("A-A-S Application Access Server Multiple Vulnerabilities");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
script_dependencies("aas_detect.nasl");
script_require_ports("Services/www", 6262);
script_tag(name : "summary" , value : tag_summary);
script_xref(name : "URL" , value : "http://www.securityfocus.com/bid/34911");
exit(0);
}
include("http_func.inc");
include("version_func.inc");
port = get_http_port(default:6262);
if(!get_port_state(port))exit(0);
if(!vers = get_kb_item(string("www/", port, "/aas")))exit(0);
if(!isnull(vers) && vers >!< "unknown") {
if(version_is_equal(version: vers, test_version: "2.0.48")) {
security_message(port:port);
exit(0);
}
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo12 May 2009 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.00675