MaxDB WebSQL < 7.5.00.18 Remote Overflow

Nessus Network Monitor Plugin ID 2528

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the MaxDB SAP Web server, which includes an administrative CGI called WebSQL. A remote buffer overflow has been reported in the WebSQL logon form: an overly long username is reported to trigger it. More generally, the presence of the WebSQL script indicates that, regardless of the version, the site administrators have allowed remote plaintext administration of the server. An attacker can use anonymous access to gain information about configured databases, the server name, physical file paths, and more.

Solution

Upgrade to version 7.5.00.18 or higher. In addition, use access control lists to block anonymous access to the web server configuration pages.

See Also

http://www.mysql.com/products/maxdb

Plugin Details

Severity: Critical

ID: 2528

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mysql:maxdb

Reference Information

CVE: CVE-2005-0111

BID: 12265