Bandersnatch <= 0.4 Multiple Vulnerabilities

Severity: Medium | Nessus Network Monitor Plugin ID 4149

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote server is running Bandersnatch, an open-source PHP application that generates Jabber usage statistics. This version of Bandersnatch is vulnerable to a flaw in the way it parses several user-supplied variables. An attacker exploiting these flaws can inject script and SQL code that would be executed on the server with the permissions of the web server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.securityfocus.com/bid/25094

Plugin Details

Severity: Medium

ID: 4149

Family: CGI

Published: 7/31/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6.2

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:bandersnatch:bandersnatch

Reference Information

CVE: CVE-2007-3909, CVE-2007-3910

BID: 25094