CVSTrac filediff vulnerability

CVSTrac filediff vulnerability in web-based bug and patch-set tracking syste

Reporter	Title	Published	Views	Family All 6
Check Point Advisories	CVSTrac FileDiff v2 Parameter Command Execution - Ver2 (CVE-2004-1456)	26 Mar 201500:00	–	checkpoint_advisories
CVE	CVE-2004-1456	13 Feb 200505:00	–	cve
Cvelist	CVE-2004-1456	13 Feb 200505:00	–	cvelist
Tenable Nessus	CVSTrac filediff Arbitrary Remote Code Execution	9 Aug 200400:00	–	nessus
NVD	CVE-2004-1456	31 Dec 200405:00	–	nvd
OpenVAS	CVSTrac filediff vulnerability	3 Nov 200500:00	–	openvas

# OpenVAS Vulnerability Test
# $Id: cvstrac_filediff.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: CVSTrac filediff vulnerability
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from (C) Tenable Netwok Security
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "The remote host seems to be running cvstrac, 
a web-based bug and patch-set tracking system for CVS.

This version of filediff has a flaw in the input sanitation
which, when exploited, can lead to a remote attacker 
executing arbitrary commands on the system.

***** OpenVAS has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.";

tag_solution = "Update to version 1.1.4 or disable this CGI suite";

# Ref: Richard Ngo (August 2004)

if(description)
{
script_id(14220);
script_version("$Revision: 8023 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_cve_id("CVE-2004-1456");
script_bugtraq_id(10878);

 script_xref(name:"OSVDB", value:"8373");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 name = "CVSTrac filediff vulnerability";

 script_name(name);
 


 
 
 script_category(ACT_ATTACK);
  script_tag(name:"qod_type", value:"remote_banner");
 
 
 script_copyright("This script is Copyright (C) 2004 David Maciejak");
 family = "Web application abuses";
 script_family(family);
 script_dependencies("cvstrac_detect.nasl");
 script_require_ports("Services/www", 80);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_http_port(default:80);
kb = get_kb_item("www/" + port + "/cvstrac" );
if ( ! kb ) exit(0);
stuff = eregmatch(pattern:"(.*) under (.*)", string:kb );
version = stuff[1];
if(ereg(pattern:"^(0\.|1\.(0|1\.[0-3]([^0-9]|$)))", string:version))
 		security_message(port);

07 Dec 2017 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.54209