Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2003 Michel ArboiOPENVAS:136141256231011939
HistoryNov 03, 2005 - 12:00 a.m.

foxweb <= 2.5 CGI Buffer Overflow Vulnerability

2005-11-0300:00:00
Copyright (C) 2003 Michel Arboi
plugins.openvas.org
23

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

The foxweb.dll or foxweb.exe CGI is installed.

Versions 2.5 and below of this CGI program have a security flaw
that lets an attacker execute arbitrary code on the remote server.

# SPDX-FileCopyrightText: 2003 Michel Arboi
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.11939");
  script_version("2024-05-03T15:38:41+0000");
  script_tag(name:"last_modification", value:"2024-05-03 15:38:41 +0000 (Fri, 03 May 2024)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2003-0762");
  script_name("foxweb <= 2.5 CGI Buffer Overflow Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2003 Michel Arboi");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "httpver.nasl", "os_detection.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("Host/runs_windows");
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"https://web.archive.org/web/20210313101631/http://www.securityfocus.com/bid/8547");

  script_tag(name:"summary", value:"The foxweb.dll or foxweb.exe CGI is installed.

  Versions 2.5 and below of this CGI program have a security flaw
  that lets an attacker execute arbitrary code on the remote server.");

  script_tag(name:"vuldetect", value:"Checks if the CGI is installed on the remote host.");

  script_tag(name:"solution", value:"Remove it from /cgi-bin or upgrade it.");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"Workaround");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port(default:80);

foreach cgi( make_list( "foxweb.dll", "foxweb.exe") ) {

  res = http_is_cgi_installed_ka( item:cgi, port:port );
  if( res ) {
    report = http_report_vuln_url( port:port, url:"/" + cgi );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 0 );

Related

cve 1
cvelist 1
nvd 1
nessus 1
cve
cve
CVE-2003-0762
2022-10-03 16:15:44
cvelist
cvelist
CVE-2003-0762
2022-10-03 16:15:44
nvd
nvd
CVE-2003-0762
2003-09-17 04:00:00
nessus
nessus
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
2003-12-04 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for OPENVAS:136141256231011939
cve1cvelist1nvd1nessus1