ID OPENVAS:1361412562310103427 Type openvas Reporter Copyright (C) 2012 Greenbone Networks GmbH Modified 2020-05-08T00:00:00
Description
Mathopd is prone to a directory-traversal vulnerability because it
fails to sufficiently sanitize user-supplied input data.
###############################################################################
# OpenVAS Vulnerability Test
#
# Mathopd Directory Traversal Vulnerability
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (C) 2012 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103427");
script_bugtraq_id(51872);
script_cve_id("CVE-2012-1050");
script_version("2020-05-08T08:34:44+0000");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_name("Mathopd Directory Traversal Vulnerability");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51872");
script_xref(name:"URL", value:"http://www.mathopd.org/");
script_xref(name:"URL", value:"http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/521507");
script_tag(name:"last_modification", value:"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)");
script_tag(name:"creation_date", value:"2012-02-16 15:14:41 +0100 (Thu, 16 Feb 2012)");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_family("Web Servers");
script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
script_dependencies("gb_get_http_banner.nasl");
script_mandatory_keys("Mathopd/banner");
script_require_ports("Services/www", 80);
script_tag(name:"summary", value:"Mathopd is prone to a directory-traversal vulnerability because it
fails to sufficiently sanitize user-supplied input data.");
script_tag(name:"impact", value:"Exploiting the issue may allow an attacker to obtain sensitive
information that could aid in further attacks.");
script_tag(name:"affected", value:"Versions prior to Mathopd 1.5p7 are vulnerable.");
script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("host_details.inc");
include("version_func.inc");
port = http_get_port(default:80);
banner = http_get_remote_headers(port: port);
if(!banner || "Server: Mathopd/" >!< banner)exit(0);
version = eregmatch(pattern:"Server: Mathopd/([0-9.p]+)",string:banner);
vers = version[1];
if(!isnull(vers) && vers >!< "unknown") {
if("p" >< vers) {
vers1 = split(vers,sep:"p",keep:FALSE);
if(!isnull(vers1[1])) {
vers = vers1[0] + '.p' + vers1[1];
}
}
if(version_is_less(version: vers, test_version: "1.5.p7")) {
security_message(port:port);
exit(0);
}
}
exit(0);
{"id": "OPENVAS:1361412562310103427", "type": "openvas", "bulletinFamily": "scanner", "title": "Mathopd Directory Traversal Vulnerability", "description": "Mathopd is prone to a directory-traversal vulnerability because it\nfails to sufficiently sanitize user-supplied input data.", "published": "2012-02-16T00:00:00", "modified": "2020-05-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103427", "reporter": "Copyright (C) 2012 Greenbone Networks GmbH", "references": ["http://www.mathopd.org/", "http://www.securityfocus.com/archive/1/521507", "http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html", "http://www.securityfocus.com/bid/51872"], "cvelist": ["CVE-2012-1050"], "lastseen": "2020-05-12T17:31:00", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1050"]}, {"type": "openvas", "idList": ["OPENVAS:103427"]}], "modified": "2020-05-12T17:31:00", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2020-05-12T17:31:00", "rev": 2}, "vulnersScore": 5.5}, "pluginID": "1361412562310103427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mathopd Directory Traversal Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103427\");\n script_bugtraq_id(51872);\n script_cve_id(\"CVE-2012-1050\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_name(\"Mathopd Directory Traversal Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51872\");\n script_xref(name:\"URL\", value:\"http://www.mathopd.org/\");\n script_xref(name:\"URL\", value:\"http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/521507\");\n\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-16 15:14:41 +0100 (Thu, 16 Feb 2012)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"Mathopd/banner\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"summary\", value:\"Mathopd is prone to a directory-traversal vulnerability because it\nfails to sufficiently sanitize user-supplied input data.\");\n\n script_tag(name:\"impact\", value:\"Exploiting the issue may allow an attacker to obtain sensitive\ninformation that could aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Versions prior to Mathopd 1.5p7 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\n\ninclude(\"version_func.inc\");\n\nport = http_get_port(default:80);\nbanner = http_get_remote_headers(port: port);\nif(!banner || \"Server: Mathopd/\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"Server: Mathopd/([0-9.p]+)\",string:banner);\nvers = version[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n if(\"p\" >< vers) {\n vers1 = split(vers,sep:\"p\",keep:FALSE);\n if(!isnull(vers1[1])) {\n vers = vers1[0] + '.p' + vers1[1];\n }\n }\n\n if(version_is_less(version: vers, test_version: \"1.5.p7\")) {\n security_message(port:port);\n exit(0);\n }\n}\n\nexit(0);\n", "naslFamily": "Web Servers", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:59:46", "description": "Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header.", "edition": 4, "cvss3": {}, "published": "2012-02-13T19:55:00", "title": "CVE-2012-1050", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1050"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:mathopd:mathopd:1.5_p6", "cpe:/a:mathopd:mathopd:1.5_p3", "cpe:/a:mathopd:mathopd:1.5_p4", "cpe:/a:mathopd:mathopd:1.5_p5", "cpe:/a:mathopd:mathopd:1.4_p1", "cpe:/a:mathopd:mathopd:1.4", "cpe:/a:mathopd:mathopd:1.5_p4_1", "cpe:/a:mathopd:mathopd:1.4_p2", "cpe:/a:mathopd:mathopd:1.5_p4_2"], "id": "CVE-2012-1050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1050", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mathopd:mathopd:1.5_p3:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.5_p4_1:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.4_p2:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.5_p5:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.5_p4:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.5_p4_2:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.4_p1:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mathopd:mathopd:1.5_p6:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1050"], "description": "Mathopd is prone to a directory-traversal vulnerability because it\nfails to sufficiently sanitize user-supplied input data.\n\nExploiting the issue may allow an attacker to obtain sensitive\ninformation that could aid in further attacks.\n\nVersions prior to Mathopd 1.5p7 are vulnerable.", "modified": "2017-04-11T00:00:00", "published": "2012-02-16T00:00:00", "id": "OPENVAS:103427", "href": "http://plugins.openvas.org/nasl.php?oid=103427", "type": "openvas", "title": "Mathopd Directory Traversal Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_Mathopd_51872.nasl 5931 2017-04-11 09:02:04Z teissa $\n#\n# Mathopd Directory Traversal Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Mathopd is prone to a directory-traversal vulnerability because it\nfails to sufficiently sanitize user-supplied input data.\n\nExploiting the issue may allow an attacker to obtain sensitive\ninformation that could aid in further attacks.\n\nVersions prior to Mathopd 1.5p7 are vulnerable.\";\n\ntag_solution = \"Updates are available. Please see the references for more information.\";\n\nif (description)\n{\n script_id(103427);\n script_bugtraq_id(51872);\n script_cve_id(\"CVE-2012-1050\");\n script_version (\"$Revision: 5931 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_name(\"Mathopd Directory Traversal Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/51872\");\n script_xref(name : \"URL\" , value : \"http://www.mathopd.org/\");\n script_xref(name : \"URL\" , value : \"http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/521507\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-16 15:14:41 +0100 (Thu, 16 Feb 2012)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"Mathopd/banner\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n \ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\"); \ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nbanner = get_http_banner(port: port);\nif(!banner || \"Server: Mathopd/\" >!< banner)exit(0);\n\nversion = eregmatch(pattern:\"Server: Mathopd/([0-9.p]+)\",string:banner);\nvers = version[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n if(\"p\" >< vers) {\n vers1 = split(vers,sep:\"p\",keep:FALSE);\n if(!isnull(vers1[1])) {\n vers = vers1[0] + '.p' + vers1[1];\n } \n } \n\n if(version_is_less(version: vers, test_version: \"1.5.p7\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
