|
|
|
|
|
|
|
| |
AppServ appserv/main.php appserv_root Variable Remote File Inclusion |
|
| This script is Copyright (C) 2006-2010 Tenable Network Security, Inc. |
|
|
| Family | CGI abuses |
| Nessus Plugin ID | 20383 (appserv_appserv_root_includes.nasl) |
| Bugtraq ID | 16166
|
| CVE ID | CVE-2006-0125
|
|
| Description: |
Synopsis :
The remote web server is prone to a remote file inclusion
vulnerability.
Description :
The remote host appears to be running AppServ, a compilation of
Apache, PHP, MySQL, and phpMyAdmin for Windows and Linux.
The version of AppServ installed on the remote host fails to sanitize
user-supplied input to the 'appserv_root' parameter of the
'appserv/main.php' script before using it in a PHP 'include' function.
An unauthenticated attacker can exploit this flaw to run arbitrary
code, possibly taken from third-party hosts, subject to the privileges
of the web server user id. Note that AppServ under Windows runs with
SYSTEM privileges, which means an attacker can gain complete control
of the affected host.
Solution :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
|
|
|
|
|
|
