ELOG < 2.5.7 Unspecified Remote Buffer Overflows

high Nessus Network Monitor Plugin ID 2618

Synopsis

The remote host is vulnerable to multiple remote buffer overflows.

Description

The remote server is running ELOG, an open source logbook web application. This version of ELOG is reported to be prone to multiple remote overflows. An attacker exploiting these alleged flaws would be able to execute code on the remote webserver.

Solution

Upgrade to ELOG 2.5.7 or higher.

See Also

http://midas.psi.ch/elogs/Forum/941

http://midas.psi.ch/elog

Plugin Details

Severity: High

ID: 2618

Family: CGI

Published: 2/15/2005

Updated: 3/6/2019

Nessus ID: 16469

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:stefan_ritt:elog_web_logbook

Reference Information

CVE: CVE-2005-0439, CVE-2005-0440

BID: 12556, 12639, 12640