openvasThis script is Copyright (C) 2001 SecuriTeamOPENVAS:10748
HistoryNov 03, 2005 - 12:00 a.m.

Mediahouse Statistics Web Server Detect

2005-11-0300:00:00
This script is Copyright (C) 2001 SecuriTeam
plugins.openvas.org
7

0.022 Low

EPSS

Percentile

88.3%

The remote web server was identified as a
MediaHouse Statistics Server. This server has a security vulnerability
that lets attackers obtain sensitive information about the events
currently logged for the public web server (the server being monitored
by MediaHouse).
This information includes: who is on (currently surfing users), the user’s
actions, customer’s IP addresses, referrer URLs, hidden directories, web
server usernames and passwords, and more.

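Some versions of the product also contain a flaw that lets attackers
overflow an internal buffer and execute arbitrary code. The script below
flags this case from the reported version string alone (0.x to 4.x and
5.00 to 5.02) and does not probe for the overflow itself.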

# OpenVAS Vulnerability Test
# $Id: mediahouse_statistics_web_server.nasl 6040 2017-04-27 09:02:38Z teissa $
# Description: Mediahouse Statistics Web Server Detect
#
# Authors:
# Noam Rathaus <[email protected]>
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
# Erik Anderson <[email protected]>
# Added BugtraqID and CVE
#
# Copyright:
# Copyright (C) 2001 Noam Rathaus <[email protected]>
# Copyright (C) 2001 SecuriTeam
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

# Summary text registered in the description block via
# script_tag(name:"summary"). It covers two separate issues: an information
# disclosure and, for "some versions", a buffer overflow.
# NOTE(review): the detection code reports every host that passes the
# banner and page checks, and emits a separate overflow message only when
# the extracted version matches its pattern.
tag_summary = "We detected the remote web server as a 
Mediahouse Statistics web server. This web server suffers from a security 
vulnerability that enables attackers to gain sensitive information on the 
current logged events on the public web server (the server being monitored 
by MediaHouse).
This information includes: who is on (currently surfing users), the user's 
actions, customer's IP addresses, referrer URLs, hidden directories, web 
server usernames and passwords, and more.

Some versions of the product also suffer from a flaw that allows attackers 
to overflow an internal buffer causing it to execute arbitrary code.";

# Remediation text registered via script_tag(name:"solution"). It names no
# fixed version; the version-specific report string in the detection code
# says "5.03 or newer".
tag_solution = "Block the web server's port number on your Firewall, and
upgrade to the latest version if necessary.";

# Could also cover BugtraqID:734, CVE:CVE-1999-0931

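# Registration pass: when `description` is set, only the metadata below is
# declared and the script exits before the include and any network call.
if(description)
{
 script_id(10748);
 script_version("$Revision: 6040 $");
 script_tag(name:"last_modification", value:"$Date: 2017-04-27 11:02:38 +0200 (Thu, 27 Apr 2017) $");
 script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");

 # References and severity. The same 7.5 score is attached to every result
 # this script emits, whether or not the version check in the detection code
 # matches, so triage should read the report text and not the score alone.
 script_bugtraq_id(1568);
 script_cve_id("CVE-2000-0776");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

 # The former `name`, `family` and `summary` temporaries are gone: the first
 # two were used once each and `summary` was never passed to any call.
 script_name("Mediahouse Statistics Web Server Detect");

 # ACT_GATHER_INFO + remote_banner: the result is derived from strings the
 # server returns (Server header, page title); nothing is exploited.
 script_category(ACT_GATHER_INFO);
 script_tag(name:"qod_type", value:"remote_banner");

 script_copyright("This script is Copyright (C) 2001 SecuriTeam");
 script_family("General");

 # Run only after the banner collector.
 # NOTE(review): presumably both keys are set by the dependency or an
 # earlier service-detection script - confirm that "www/statistics-server"
 # is still populated, otherwise this plugin never runs.
 script_dependencies("gb_get_http_banner.nasl");
 script_mandatory_keys("Statistics_Server/banner");
 script_require_keys("www/statistics-server");
 script_require_ports("Services/www", 80);

 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 exit(0);
}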

#
# The script code starts here
#
include("http_func.inc");

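# Detection flow:
#  1. Continue only if the HTTP banner's Server header names a Statistics
#     Server.
#  2. Request the path given in the banner's Location header (or "/" when
#     there is none) on the same port and read the version from the page
#     <TITLE>.
#  3. Report the host; add the buffer-overflow text when the version is
#     0.x-4.x or 5.00-5.02.
# Nothing is exploited: the verdict rests on banner and title strings, which
# the server controls, so a fronting proxy or edited banner can cause both
# false positives and false negatives.

port = get_http_port(default:80);

if(!get_port_state(port)) exit(0);

banner = get_http_banner(port:port);
if(!banner) exit(0);

if(egrep(pattern:"^Server: Statistics Server", string:banner))
{
 # Extract the Location value up to the end of its line. The value is only
 # used as the request target on the host and port already being scanned;
 # the socket below is never opened towards a host named in the header.
 path = "";
 loc = strstr(banner, "Location: ");
 if(loc)
 {
  loc = loc - "Location: ";
  rest = strstr(loc, string("\n"));
  if(rest) loc = loc - rest;
  path = loc - raw_string(0x0D);
 }

 # Previously a banner without a Location header produced an empty request
 # target and therefore a malformed request line; fall back to the root page.
 if(strlen(path) == 0) path = "/";

 soc = http_open_socket(port);
 if(soc)
 {
  req = http_get(item:path, port:port);
  send(socket:soc, data:req);
  page = http_recv(socket:soc);
  http_close_socket(soc);

  if("Statistics Server " >< page)
  {
   # The version is whatever follows the product name in the page title.
   # It stays empty when the title is missing, which skips the version
   # branch below and yields the generic report.
   version = "";
   title = strstr(page, "<TITLE>Statistics Server ");
   if(title)
   {
    title = title - "<TITLE>Statistics Server ";
    tail = strstr(title, "</TITLE>");
    if(tail) title = title - tail;
    version = title;
   }

   # The match must start at the beginning of the version or after a
   # character that is neither a digit nor a dot. The earlier unanchored
   # pattern also matched inside longer numbers ("10.4" via "0.4",
   # "6.3.1" via "3.1") and reported them as vulnerable.
   if(ereg(pattern:"(^|[^0-9.])(([0-4]\.[0-9].*)|5\.0[0-2])", string:version))
   {
    # should be a separate plugin ?
    report = string("According to its version number, the remote MediaHouse\n",
                    "Statistics Server is vulnerable to a buffer overflow that\n",
                    "allows anyone to execute arbitrary code as root.\n\n",
                    "Solution: Upgrade to version 5.03 or newer");
    security_message(data:report, port:port);
   }
   else
   {
    # Newer or unknown version: report the product with the generic
    # summary text only.
    security_message(port);
   }
  }
 }
}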

