ID OPENVAS:10846 Type openvas Reporter This script is Copyright (C) 2002 Tor Houghton Modified 2017-12-07T00:00:00
Description
SilverStream directory listings are enabled.
An attacker may use this problem to gain more knowledge
on this server and possibly to get files you would want
to hide.
# OpenVAS Vulnerability Test
# $Id: silverstream_dirlisting.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: SilverStream directory listing
#
# Authors:
# Tor Houghton, but I looked at "htdig" by
# Renaud Deraison <deraison@cvs.nessus.org>
# modifications by rd:
# - pattern read is different
# - request /SilverStream not /SilverStream/Pages
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
# Erik Anderson <eanders@carmichaelsecurity.com>
# Added links to the Bugtraq message archive
#
# Copyright:
# Copyright (C) 2002 Tor Houghton
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "SilverStream directory listings are enabled.
An attacker may use this problem to gain more knowledge
on this server and possibly to get files you would want
to hide.
Reference : http://online.securityfocus.com/archive/101/144786";
tag_solution = "Reconfigure the server so that others
cannot view directory listings";
if(description)
{
script_id(10846);
script_version("$Revision: 8023 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
name = "SilverStream directory listing";
script_name(name);
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_analysis");
script_copyright("This script is Copyright (C) 2002 Tor Houghton");
family = "Web application abuses";
script_family(family);
script_dependencies("http_version.nasl");
script_require_ports("Services/www", 80);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);
if(get_port_state(port)) {
buf = string("/SilverStream");
buf = http_get(item:buf, port:port);
rep = http_keepalive_send_recv(port:port, data:buf);
if ( ! rep ) exit(0);
lookfor = "<html><head><title>.*SilverStream.*</title>";
if((egrep(pattern:lookfor, string:rep)) && ("/Pages" >< rep))
security_message(port);
}
{"bulletinFamily": "scanner", "viewCount": 4, "naslFamily": "Web application abuses", "reporter": "This script is Copyright (C) 2002 Tor Houghton", "references": [], "description": "SilverStream directory listings are enabled.\nAn attacker may use this problem to gain more knowledge\non this server and possibly to get files you would want\nto hide.\n\nReference : http://online.securityfocus.com/archive/101/144786", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "c809632883c7817360f7a8159930c899"}, {"key": "href", "hash": "0dcb10f4dbfb5ef042a34705abcdd753"}, {"key": "modified", "hash": "c2a5d507aa397befb5850df450bea65f"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "d5b2bbd3e57d6c19003667a447475589"}, {"key": "published", "hash": "df034d9b90ece22f6e868d36506db720"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f66f950fdbf2d2191d009b80e7491ef7"}, {"key": "sourceData", "hash": "9b4f5116eb53facb0f1c051e43f995ed"}, {"key": "title", "hash": "64c0000ababe72359f5a4d37f5e3626e"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=10846", "modified": "2017-12-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2017-12-08T11:44:08"}, "dependencies": {"references": [], "modified": "2017-12-08T11:44:08"}, "vulnersScore": -0.2}, "id": "OPENVAS:10846", "title": "SilverStream directory listing", "hash": "19e95b2c252db2a8dc2390d5760ccf548c0e4344ee3cea34e853b472f6ad967b", "edition": 2, "published": "2005-11-03T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:10:06", "bulletin": {"hash": "1f889ec03dae5c562e0943bc934de508c8ba8bf438d701450684cef0cc3a938d", "viewCount": 0, "reporter": "This script is Copyright (C) 2002 Tor Houghton", "references": [], "description": "SilverStream directory listings are enabled.\nAn attacker may use this problem to gain more knowledge\non this server and possibly to get files you would want\nto hide.\n\nReference : http://online.securityfocus.com/archive/101/144786", "hashmap": [{"key": "modified", "hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "0dcb10f4dbfb5ef042a34705abcdd753"}, {"key": "title", "hash": "64c0000ababe72359f5a4d37f5e3626e"}, {"key": "description", "hash": "c809632883c7817360f7a8159930c899"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "published", "hash": "df034d9b90ece22f6e868d36506db720"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "d5b2bbd3e57d6c19003667a447475589"}, {"key": "sourceData", "hash": "5994691a1beff60f0f81f72d3afd3c32"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "reporter", "hash": "f66f950fdbf2d2191d009b80e7491ef7"}], "naslFamily": "Web application abuses", "modified": "2017-05-02T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=10846", "published": "2005-11-03T00:00:00", "enchantments": {}, "id": "OPENVAS:10846", "title": "SilverStream directory listing", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: silverstream_dirlisting.nasl 6056 2017-05-02 09:02:50Z teissa $\n# Description: SilverStream directory listing\n#\n# Authors:\n# Tor Houghton, but I looked at \"htdig\" by \n# Renaud Deraison <deraison@cvs.nessus.org>\n# modifications by rd:\n#\t- pattern read is different\n#\t- request /SilverStream not /SilverStream/Pages\n# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>\n# Erik Anderson <eanders@carmichaelsecurity.com>\n# Added links to the Bugtraq message archive\n#\n# Copyright:\n# Copyright (C) 2002 Tor Houghton\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"SilverStream directory listings are enabled.\nAn attacker may use this problem to gain more knowledge\non this server and possibly to get files you would want\nto hide.\n\nReference : http://online.securityfocus.com/archive/101/144786\";\n\ntag_solution = \"Reconfigure the server so that others\ncannot view directory listings\";\n\nif(description)\n{\n script_id(10846);\n script_version(\"$Revision: 6056 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-02 11:02:50 +0200 (Tue, 02 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n name = \"SilverStream directory listing\";\n script_name(name);\n \n summary = \"Checks if SilverStream directory listings are disabled.\";\n \n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n \n script_copyright(\"This script is Copyright (C) 2002 Tor Houghton\");\n family = \"Web application abuses\";\n script_family(family);\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\nport = get_http_port(default:80);\n\n\nif(get_port_state(port)) {\n buf = string(\"/SilverStream\");\n buf = http_get(item:buf, port:port);\n rep = http_keepalive_send_recv(port:port, data:buf);\n if ( ! rep ) exit(0);\n lookfor = \"<html><head><title>.*SilverStream.*</title>\";\n \n if((egrep(pattern:lookfor, string:rep)) && (\"/Pages\" >< rep))\n security_message(port);\n}\n\n", "type": "openvas", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvelist": [], "lastseen": "2017-07-02T21:10:06", "pluginID": "10846"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvelist": [], "lastseen": "2017-12-08T11:44:08", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: silverstream_dirlisting.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: SilverStream directory listing\n#\n# Authors:\n# Tor Houghton, but I looked at \"htdig\" by \n# Renaud Deraison <deraison@cvs.nessus.org>\n# modifications by rd:\n#\t- pattern read is different\n#\t- request /SilverStream not /SilverStream/Pages\n# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>\n# Erik Anderson <eanders@carmichaelsecurity.com>\n# Added links to the Bugtraq message archive\n#\n# Copyright:\n# Copyright (C) 2002 Tor Houghton\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"SilverStream directory listings are enabled.\nAn attacker may use this problem to gain more knowledge\non this server and possibly to get files you would want\nto hide.\n\nReference : http://online.securityfocus.com/archive/101/144786\";\n\ntag_solution = \"Reconfigure the server so that others\ncannot view directory listings\";\n\nif(description)\n{\n script_id(10846);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n name = \"SilverStream directory listing\";\n script_name(name);\n \n \n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n \n script_copyright(\"This script is Copyright (C) 2002 Tor Houghton\");\n family = \"Web application abuses\";\n script_family(family);\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\nport = get_http_port(default:80);\n\n\nif(get_port_state(port)) {\n buf = string(\"/SilverStream\");\n buf = http_get(item:buf, port:port);\n rep = http_keepalive_send_recv(port:port, data:buf);\n if ( ! rep ) exit(0);\n lookfor = \"<html><head><title>.*SilverStream.*</title>\";\n \n if((egrep(pattern:lookfor, string:rep)) && (\"/Pages\" >< rep))\n security_message(port);\n}\n\n", "pluginID": "10846"}
