{"edition": 1, "title": "Novell NetWare Perl Web Handler -v Option Information Disclosure", "bulletinFamily": "software", "published": "2002-08-20T00:00:00", "lastseen": "2017-04-28T13:20:06", "modified": "2002-08-20T00:00:00", "reporter": "OSVDB", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:10928", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 9917\n[CVE-2002-1438](https://vulners.com/cve/CVE-2002-1438)\nBugtraq ID: 5521\n", "affectedSoftware": [], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-28T13:20:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-1438"]}, {"type": "openvas", "idList": ["OPENVAS:11158", "OPENVAS:136141256231011158"]}, {"type": "nessus", "idList": ["NETWARE_POST_PERL.NASL"]}], "modified": "2017-04-28T13:20:06", "rev": 2}, "vulnersScore": 5.7}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "cvelist": ["CVE-2002-1438"], "id": "OSVDB:10928"}

{"cve": [{"lastseen": "2021-02-02T05:19:07", "description": "The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.", "edition": 4, "cvss3": {}, "published": "2003-04-11T04:00:00", "title": "CVE-2002-1438", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1438"], "modified": "2008-09-05T20:30:00", "cpe": ["cpe:/o:novell:netware:5.1", "cpe:/o:novell:netware:6.0"], "id": "CVE-2002-1438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:novell:netware:5.1:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-08T11:44:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1438", "CVE-2002-1437", "CVE-2002-1436"], "description": "Novell Netware contains multiple default web server installations. \nThe Netware Enterprise Web Server (Netscape/IPlanet) has a perl \nhandler which will run arbitrary code given to in a POST request \nversion 5.x (through SP4) and 6.x (through SP1) are effected.", "modified": "2017-12-07T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:11158", "href": "http://plugins.openvas.org/nasl.php?oid=11158", "type": "openvas", "title": "Novell NetWare HTTP POST Perl Code Execution Vulnerability", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: netware_post_perl.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Novell NetWare HTTP POST Perl Code Execution Vulnerability\n#\n# Authors:\n# visigoth <visigoth@securitycentric.com>\n#\n# Copyright:\n# Copyright (C) 2002 visigoth\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"Novell Netware contains multiple default web server installations. \nThe Netware Enterprise Web Server (Netscape/IPlanet) has a perl \nhandler which will run arbitrary code given to in a POST request \nversion 5.x (through SP4) and 6.x (through SP1) are effected.\";\n\ntag_solution = \"Install 5.x SP5 or 6.0 SP2\n\nAdditionally, the enterprise manager web interface may be used to\nunmap the /perl handler entirely. If it is not being used, minimizing\nthis service would be appropriate.\";\n\n\n#\n# REGISTER\n#\nif(description)\n{\n script_id(11158);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(5520, 5521, 5522);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2002-1436\", \"CVE-2002-1437\", \"CVE-2002-1438\"); \n \n name = \"Novell NetWare HTTP POST Perl Code Execution Vulnerability\";\n script_name(name);\n \n\n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n \n script_copyright(\"This script is Copyright (C) 2002 visigoth\");\n\n family = \"Netware\";\n script_family(family);\n\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80, 2200);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nhttp_POST = string(\"POST /perl/ HTTP/1.1\\r\\n\",\n\t \t \"Content-Type: application/octet-stream\\r\\n\",\n\t\t \"Host: \", get_host_name(), \"\\r\\n\",\n\t\t \"Content-Length: \");\n\nperl_code = 'print(\"Content-Type: text/plain\\\\r\\\\n\\\\r\\\\n\", \"OpenVAS=\", 42+42);';\n\nlength = strlen(perl_code);\ndata = string(http_POST, length ,\"\\r\\n\\r\\n\", perl_code);\nrcv = http_keepalive_send_recv(port:port, data:data);\nif(!rcv) exit(0);\n\nif(\"OpenVAS=84\" >< rcv)\n{\n\tsecurity_message(port);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-05-08T08:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1438", "CVE-2002-1437", "CVE-2002-1436"], "description": "Novell Netware contains multiple default web server installations.\n\n The Netware Enterprise Web Server (Netscape/IPlanet) has a perl handler which will run arbitrary\n code given to in a POST request version 5.x (through SP4) and 6.x (through SP1) are effected.", "modified": "2020-05-05T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011158", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011158", "type": "openvas", "title": "Novell NetWare HTTP POST Perl Code Execution Vulnerability", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Novell NetWare HTTP POST Perl Code Execution Vulnerability\n#\n# Authors:\n# visigoth <visigoth@securitycentric.com>\n#\n# Copyright:\n# Copyright (C) 2002 visigoth\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11158\");\n script_version(\"2020-05-05T09:44:01+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 09:44:01 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(5520, 5521, 5522);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2002-1436\", \"CVE-2002-1437\", \"CVE-2002-1438\");\n script_name(\"Novell NetWare HTTP POST Perl Code Execution Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2002 visigoth\");\n script_family(\"Netware\");\n script_dependencies(\"find_service.nasl\", \"httpver.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80, 2200);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Install 5.x SP5 or 6.0 SP2.\n\n Additionally, the enterprise manager web interface may be used to\n unmap the /perl handler entirely. If it is not being used, minimizing\n this service would be appropriate.\");\n\n script_tag(name:\"summary\", value:\"Novell Netware contains multiple default web server installations.\n\n The Netware Enterprise Web Server (Netscape/IPlanet) has a perl handler which will run arbitrary\n code given to in a POST request version 5.x (through SP4) and 6.x (through SP1) are effected.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port(default:80);\n\nhost = http_host_name(port:port);\nurl = \"/perl\";\nreq = string(\"POST \", url, \" HTTP/1.1\\r\\n\",\n \"Content-Type: application/octet-stream\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"Content-Length: \");\nperl_code = 'print(\"Content-Type: text/plain\\\\r\\\\n\\\\r\\\\n\", \"VT-Test=\", 42+42);';\n\nlength = strlen(perl_code);\ndata = string(req, length ,\"\\r\\n\\r\\n\", perl_code);\nrcv = http_keepalive_send_recv(port:port, data:data);\nif(!rcv)\n exit(0);\n\nif(\"VT-Test=84\" >< rcv) {\n report = http_report_vuln_url(port:port, url:url);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-06-16T02:59:02", "description": "Novell NetWare contains multiple default web server installations. \nThe NetWare Enterprise Web Server (Netscape/IPlanet) has a perl \nhandler that will run arbitrary code given in a POST request. \nVersions 5.x (through SP4) and 6.x (through SP1) are affected.", "edition": 18, "published": "2002-11-21T00:00:00", "title": "Novell NetWare Web Handler Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1438", "CVE-2002-1437", "CVE-2002-1436"], "modified": "2002-11-21T00:00:00", "cpe": ["cpe:/o:novell:netware"], "id": "NETWARE_POST_PERL.NASL", "href": "https://www.tenable.com/plugins/nessus/11158", "sourceData": "# (c) 2002 visigoth <visigoth@securitycentric.com>\n# GPLv2\n\n#\n# REGISTER\n#\n\n# Changes by Tenable:\n# - Revised plugin titles, output formatting (9/3/09)\n# - Fix typo in desc (12/28/10)\n# - Updated description and solution. Added CPE and updated copyright (10/18/2012)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11158);\n script_version (\"1.21\");\n script_cve_id(\"CVE-2002-1436\", \"CVE-2002-1437\", \"CVE-2002-1438\"); \n script_bugtraq_id(5520, 5521, 5522);\n \n script_name(english:\"Novell NetWare Web Handler Multiple Vulnerabilities\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is vulnerable to several flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"Novell NetWare contains multiple default web server installations. \nThe NetWare Enterprise Web Server (Netscape/IPlanet) has a perl \nhandler that will run arbitrary code given in a POST request. \nVersions 5.x (through SP4) and 6.x (through SP1) are affected.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install 5.x SP5 or 6.0 SP2.\n\nAdditionally, the enterprise manager web interface may be used to\nunmap the /perl handler entirely. If it is not being used, minimizing\nthis service would be appropriate.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2002/11/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2002/08/20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/o:novell:netware\");\nscript_end_attributes();\n\n script_summary(english:\"Webserver perl handler executes arbitrary POSTs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2002-2020 visigoth\");\n script_family(english:\"Netware\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\",80,2200);\n exit(0);\n}\n\n#\n# ATTACK\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80, embedded:TRUE);\n\n\nif (! get_port_state(port)) port = 2200;\nif (! get_port_state(port)) exit(0);\n\n\nhttp_POST = string(\"POST /perl/ HTTP/1.1\\r\\n\",\n\t \t \"Content-Type: application/octet-stream\\r\\n\",\n\t\t \"Host: \", get_host_name(), \"\\r\\n\",\n\t\t \"Content-Length: \");\n\nperl_code = 'print(\"Content-Type: text/plain\\\\r\\\\n\\\\r\\\\n\", \"Nessus=\", 42+42);';\n\nlength = strlen(perl_code);\ndata = string(http_POST, length ,\"\\r\\n\\r\\n\", perl_code);\nrcv = http_keepalive_send_recv(port:port, data:data);\nif(!rcv) exit(0);\n\nif(\"Nessus=84\" >< rcv)\n{\n\tsecurity_hole(port);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}