04WebServer Multiple Vulnerabilities (XSS, DoS, more)

medium Nessus Plugin ID 15713

Synopsis

The remote web server is susceptible to several forms of attack.

Description

The remote host is running a version of 04WebServer older than version 1.5. Such versions are affected by multiple vulnerabilities:

- A cross-site scripting vulnerability in the Response_default.html script, which could allow an attacker to execute arbitrary code in the user's browser.

- A log file content injection vulnerability, which could allow an attacker to insert false entries into the log file.

- A DoS vulnerability caused by an attacker specifying a DOS device name in the request URL.

Solution

Upgrade to version 1.5 of this software.

See Also

https://seclists.org/bugtraq/2004/Nov/142

https://seclists.org/bugtraq/2004/Nov/197

http://attrition.org/pipermail/vim/2006-August/000978.html

http://www.security.org.sg/vuln/04webserver142.html

Plugin Details

Severity: Medium

ID: 15713

File Name: 04webserver.nasl

Version: 1.20

Type: remote

Family: Web Servers

Published: 11/13/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/11/2004

Reference Information

CVE: CVE-2004-1512, CVE-2004-1513, CVE-2004-1514

BID: 11652

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990