Bonsai < 1.4 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 1584

Synopsis

The remote host has the CGI suite 'Bonsai' installed.

Description

The remote host has the CGI suite 'Bonsai' installed. This suite is used to navigate a CVS repository with a web browser. The remote Bonsai might be vulnerable to various flaws, including path disclosure, cross-site scripting and remote command execution.

Solution

Upgrade to the latest version of Bonsai.

Plugin Details

Severity: Critical

ID: 1584

Family: CGI

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11440

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:bonsai

Reference Information

CVE: CVE-2003-0152, CVE-2003-0153, CVE-2003-0154, CVE-2003-0155

BID: 5516, 5517