Vulnerabilities > CVE-2001-0835 - Unspecified vulnerability in Bradford Barrett Webalizer

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bradford-barrett
nessus

Summary

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Vulnerable Configurations

Part Description Count
Application
Bradford_Barrett
1

Nessus

NASL family: CGI abuses : XSS
NASL id: WEBALIZER.NASL
description: Webalizer, a web server log analysis application, was detected on the remote host. This version of Webalizer has multiple cross-site scripting vulnerabilities that could allow malicious HTML tags to be injected in the reports.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10816
published: 2001-12-03
reporter: This script is Copyright (C) 2001-2018 Alert4Web.com
source: https://www.tenable.com/plugins/nessus/10816
title: Webalizer < 2.01-09 Multiple XSS
code
#
# This script was written by Georges Dagousset <[email protected]>
#

# See the Nessus Scripts License for details
#
# Changes by Tenable:
# - Revised plugin family (12/19/2008)
# - Revised plugin title (12/19/2008)
# - Revised description (12/19/2008)
# - Revised plugin title (6/2/2009)

include("compat.inc");

# Registration phase: when `description` is true the plugin only records its
# metadata and exits. No request is sent to the target from this branch.
if (description)
{
  # Plugin identity and the advisories it maps to.
  script_id(10816);
  script_version("1.24");
  script_cve_id("CVE-2001-0835");
  script_bugtraq_id(3473);

  script_name(english:"Webalizer < 2.01-09 Multiple XSS");

  # Text shown in the scan report. The line breaks inside the two multi-line
  # values are part of the strings and are kept exactly as published.
  script_set_attribute(attribute:"synopsis", value:"A web application on the remote host has multiple cross-site
scripting vulnerabilities.");
  script_set_attribute(attribute:"description", value:"Webalizer, a web server log analysis application, was detected on the
remote host.  This version of Webalizer has multiple cross-site
scripting vulnerabilities that could allow malicious HTML tags to be
injected in the reports.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Oct/223");
  script_set_attribute(attribute:"solution", value:"Upgrade to Version 2.01-09 and change the directory in 'OutputDir'.");

  # Severity as rated by the plugin: integrity-only impact, medium access
  # complexity.
  # NOTE(review): this differs from the CVSS 7.5 / attack complexity LOW /
  # partial C-I-A metrics listed for CVE-2001-0835 in the advisory header, so
  # the plugin severity and the CVE score will not line up in triage; decide
  # which source your prioritisation uses.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # 79 is the XSS weakness itself; the remaining ids look like parent,
  # category and view entries from the CWE hierarchy (verify before relying
  # on them for reporting).
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Publication timeline.
  script_set_attribute(attribute:"plugin_publication_date", value: "2001/12/03");
  script_set_attribute(attribute:"vuln_publication_date", value: "2001/10/24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling information: an information-gathering check that is declared
  # against web ports and depends on http_version.nasl.
  script_summary(english:"Checks for the Webalizer version");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2001-2020 Alert4Web.com");
  script_family(english:"CGI abuses : XSS");
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");


# Detection logic: fetch the two well-known Webalizer report locations and
# compare the version printed in the report footer against the affected range.
#
# What this check does and does not establish:
#  - It reads the footer banner only; it never submits markup to the target,
#    so a hit means "banner is in the affected range", not "injection shown".
#  - Only the two fixed paths below are requested. A report published under a
#    different OutputDir (which the plugin's own solution text recommends) is
#    not found, so a silent result is not proof that Webalizer is absent.
#  - NOTE(review): vendor packages that backport the fix may keep the old
#    banner (the advisory lists RHSA-2001:140 and RHSA-2001:141); confirm the
#    installed package version before treating a hit as unpatched.

# "/usage/" is the standard directory, "/webalizer/" a popular alternative.
report_dirs = make_list("/usage/", "/webalizer/");

port = get_http_port(default:80, embedded:TRUE);

# Nothing is requested when the web port is not open.
if (!get_port_state(port)) exit(0);

foreach report_dir (report_dirs)
{
  request  = http_get(item:report_dir, port:port);
  response = http_keepalive_send_recv(port:port, data:request);

  # No Webalizer footer at this path: try the next candidate.
  if (!("Generated by The Webalizer" >< response)) continue;

  # Affected banners: any 0.x or 1.x release, 2.00, plain 2.01, and
  # 2.01-00 through 2.01-06.
  # NOTE(review): the plugin title says "< 2.01-09", but banners 2.01-07 and
  # 2.01-08 do not match this pattern; confirm whether those builds were ever
  # released before relying on the title's range.
  affected = egrep(pattern:"Generated by The Webalizer  Ver(\.|sion) ([01]\.|2\.00|2\.01( |\-0[0-6]))", string:response);
  if (affected)
  {
    security_warning(port:port);
    # Record the finding in the knowledge base under www/<port>/XSS.
    set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  }

  # The first path that serves a Webalizer report ends the scan, whether or
  # not its version was in range; the remaining path is not requested.
  exit(0);
}

Redhat

advisories
  • rhsa
    id: RHSA-2001:140
  • rhsa
    id: RHSA-2001:141