Microsoft BizTalk Server Multiple Remote Vulnerabilities

high Nessus Plugin ID 11638

Language:

Synopsis

The remote business process management service has multiple vulnerabilities.

Description

The remote host seems to be running Microsoft BizTalk server.

There are two flaws in this software that could allow an attacker to issue a SQL insertion attack or to execute arbitrary code on the remote host.

Note that Nessus solely relied on the presence of a Biztalk DLL to issue this alert so it might be a false positive.

Solution

Apply the relevant patches referenced in Microsoft Security Bulletin MS03-016.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-016

Plugin Details

Severity: High

ID: 11638

File Name: biztalk_flaws.nasl

Version: 1.33

Type: remote

Family: CGI abuses

Published: 5/20/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/30/2003

Reference Information

CVE: CVE-2003-0117, CVE-2003-0118

BID: 7469, 7470

MSFT: MS03-016

MSKB: 815206

SECUNIA: 8707