WebConnect Multiple Remote Vulnerabilities (deprecated)

high Nessus Network Monitor Plugin ID 2639

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running OpenConnect WebConnect. WebConnect is a web-based graphical user interface that gives remote users console access to mainframe, midrange, and Unix systems. WebConnect can be used to launch a Java-based telnet console that communicates over the HTTP protocol. This version of WebConnect is vulnerable to several remote attacks. The impact of the attack ranges from Denial of Service (DoS) to data compromise. An attacker exploiting these flaws would only need to be able to send HTTP requests to the web server. Successful exploitation would result in compromise of data or loss of availability.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2639

Family: CGI

Published: 2/22/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C

Reference Information

CVE: CVE-2004-0465, CVE-2004-0466

BID: 12613

Detections

Analytics