Lucene search
This script is Copyright (C) 2004 David MaciejakOPENVAS:15621HistoryNov 03, 2005 - 12:00 a.m.
Cherokee directory traversal flaw
2005-11-0300:00:00
This script is Copyright (C) 2004 David Maciejak
plugins.openvas.org
6
0.013 Low
EPSS
Percentile
84.2%
The remote host is running Cherokee - a fast and tiny web server.
The remote version of this software is vulnerable to directory
traversal flaw when appending a ‘…/’ sequence to the web request.
Additionally, this version fails to drop root privileges after it binds
to listen port.
Remote attacker can then submit specially crafted web request to
browse any file on the server with root privileges.
# OpenVAS Vulnerability Test
# $Id: cherokee_dir_traversal.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: Cherokee directory traversal flaw
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from (C) Tenable Network Security
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "The remote host is running Cherokee - a fast and tiny web server.
The remote version of this software is vulnerable to directory
traversal flaw when appending a '../' sequence to the web request.
Additionally, this version fails to drop root privileges after it binds
to listen port.
Remote attacker can then submit specially crafted web request to
browse any file on the server with root privileges.";
tag_solution = "Upgrade to Cherokee 0.2.8 or newer";
# Ref: GOBBLES advisory on December 29th, 2001.
if(description)
{
script_id(15621);
script_version("$Revision: 8023 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_cve_id("CVE-2001-1432");
script_bugtraq_id(3772);
name = "Cherokee directory traversal flaw";
script_name(name);
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("This script is Copyright (C) 2004 David Maciejak");
family = "Gain a shell remotely";
script_family(family);
script_dependencies("gb_get_http_banner.nasl");
script_mandatory_keys("Cherokee/banner");
script_require_ports("Services/www", 443);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
port = get_http_port(default:80);
if(!get_port_state(port))exit(0);
banner = get_http_banner(port: port);
if(!banner)exit(0);
serv = strstr(banner, "Server");
if(ereg(pattern:"^Server:.*Cherokee/0\.([01]\.|2\.[0-7])[^0-9]", string:serv))
{
security_message(port);
}
Related
openvas
openvas
Cherokee directory traversal flaw
2005-11-03 00:00:00
cve
cve
CVE-2001-1432
2001-12-29 05:00:00
nessus
nessus
Cherokee Web Server URI Traversal Arbitrary File Access
2004-11-04 00:00:00