Mozilla Bonsai Multiple Flaws (Auth Bypass, XSS, Cmd Exec, PD)

critical Nessus Plugin ID 11440

Synopsis

The remote host contains a CGI which is vulnerable to multiple flaws allowing code execution and cross-site scripting attacks.

Description

The remote host has the CGI suite 'Bonsai' installed.

This suite is used to browse a CVS repository with a web browser.

The remote version of this software is vulnerable to various flaws ranging from path disclosure and cross-site scripting to remote command execution.

An attacker may exploit these flaws to tamper with the integrity of the remote host.

Solution

Upgrade to the latest version of Bonsai.

Plugin Details

Severity: Critical

ID: 11440

File Name: bonsai_flaws.nasl

Version: 1.29

Type: remote

Family: CGI abuses

Published: 3/22/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/20/2002

Reference Information

CVE: CVE-2003-0152, CVE-2003-0153, CVE-2003-0154, CVE-2003-0155

BID: 5516, 5517

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990