Vulnerabilities > CVE-2000-0623 - Buffer Overflow vulnerability in Oreilly Website Professional 2.3.18/2.4/2.4.9

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oreilly
critical
nessus

Summary

Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.

Nessus

NASL family: CGI abuses
NASL id: WEBSITEPRO_OVERFLOW.NASL
description: The remote web server is WebSitePro < 2.5. There are remotely-exploitable buffer overflow vulnerabilities in releases of WebSitePro prior to 2.5.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10476
published: 2000-07-22
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10476
title: WebsitePro Remote Request Overflow
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description` set,
# only this block runs. It records the plugin's metadata and exits before any
# network activity takes place.
if (description)
{
  # Identity and cross-references (Bugtraq ID and CVE).
  script_id(10476);
  script_bugtraq_id(1492);
  script_cve_id("CVE-2000-0623");
  script_version("1.30");

  script_name(english:"WebsitePro Remote Request Overflow");

  # Report text shown to the operator.
  script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by remote buffer overflows.");
  script_set_attribute(attribute:"description", value:
"The remote web server is WebSitePro < 2.5.

There are remotely-exploitable buffer overflow vulnerabilities in
releases of WebSitePro prior to 2.5." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Jul/271");
  script_set_attribute(attribute:"solution", value:"Upgrade to WebSitePro 2.5 or newer.");

  # NOTE(review): this base vector rates confidentiality, integrity and
  # availability impact as Partial, whereas the CVE entry this plugin maps to
  # is listed with all three as COMPLETE (CVSS 10.0). Confirm which rating the
  # risk scoring should follow before relying on the plugin's severity.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/07/22");
  script_set_attribute(attribute:"vuln_publication_date", value:"2000/07/19");
  script_cvs_date("Date: 2018/11/15 20:50:19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for WebSitePro");

  # ACT_GATHER_INFO: the plugin is registered as an information-gathering
  # check. The detection code only reads the HTTP banner; it does not send an
  # oversized request to the target.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Scheduling constraints: run after http_version.nasl, against a web port,
  # and only when the "www/websitepro" knowledge-base key is present
  # (presumably set by an earlier fingerprinting plugin -- confirm).
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_require_keys("www/websitepro");
  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Detection is inferred from the Server banner only; the overflow itself is
# never exercised. Consequences for whoever triages the result:
#   - a server with a suppressed or rewritten banner is not reported
#     (false negative);
#   - a build that has been patched but still advertises 2.0-2.4 is reported
#     (false positive), so confirm the installed version on the host.
port = get_http_port(default:80);
banner = get_http_banner(port:port);

# Nothing to evaluate if the server returned no banner.
if (!banner) exit(0);

# Flags banners advertising WebSitePro 2.0 through 2.4.x.
# NOTE(review): the advisory text says "2.4 and earlier", but 1.x banners do
# not match this pattern -- confirm whether older major versions need coverage.
# NOTE(review): the trailing ".*" adds nothing, and "[0-4]" only inspects the
# first digit of the minor version, so a banner such as "2.10" would also
# match; anchor the minor version if such releases can appear.
if (egrep(pattern:"Server: WebSitePro/2\.[0-4].*", string:banner))
  security_hole(port);