Detections
Analytics
Sawmill < 7.1.6 Multiple Vulnerabilities
medium Nessus Plugin ID 18507
Language:
Synopsis
An application running on the remote web server is affected by multiple vulnerabilities.Description
According to its version number, the Sawmill application running on the remote web server is affected by multiple vulnerabilities :- An unspecified flaw exists that allows an authenticated, remote attacker to gain administrative privileges.
(CVE-2005-1900)
- An unspecified flaw allows an authenticated, remote attacker to add an unauthorized license key.
(CVE-2005-1900)
- A cross-site scripting vulnerability exists due to improper validation of the username variable before submitting it to the Add User window. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2005-1901)
- A cross-site scripting vulnerability exists due to improper validation of the license key field before submitting it to the Licensing Page. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2005-1901)
Solution
Upgrade to Sawmill version 7.1.6 or later.See Also
Plugin Details
Severity: Medium
ID: 18507
File Name: sawmill_priv_escalation.nasl
Version: 1.25
Type: remote
Family: CGI abuses
Published: 6/17/2005
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:sawmill:sawmill
Required KB Items: installed_sw/Sawmill
Exploit Ease: No exploit is required
Patch Publication Date: 6/2/2005
Vulnerability Publication Date: 6/2/2005
Reference Information
CVE: CVE-2005-1900, CVE-2005-1901