Vulnerabilities > CVE-2001-1150 - Unspecified vulnerability in Trend Micro Officescan and Virus Buster

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
trend-micro
nessus
NVD
Published: 2001-08-22
Updated: 2008-09-05

Summary

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Trend_Micro
5

Nessus

NASL familyCGI abuses
NASL idCGIWEBUPDATE.NASL
descriptionThe CGI
last seen2020-06-01
modified2020-06-02
plugin id11722
published2003-06-11
reporterThis script is Copyright (C) 2003-2018 John Lampe
sourcehttps://www.tenable.com/plugins/nessus/11722
titleTrend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
code
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#

include("compat.inc");

if (description)
{
 script_id(11722);
 script_version("1.23");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

 script_cve_id("CVE-2001-1150");
 script_bugtraq_id(3216);

 script_name(english:"Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval");
 script_summary(english:"Checks for the cgiWebupdate.exe file");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a CGI application that is affected by
an information disclosure vulnerability.");
 script_set_attribute(attribute:"description", value:
"The CGI 'cgiWebupdate.exe' exists on this web server. Some versions of
this file are vulnerable to remote exploit.

An attacker can use this hole to gain access to confidential data or
escalate their privileges on the web server.

*** Note that Nessus solely relied on the existence of the ***
cgiWebupdate.exe file.");
 script_set_attribute(attribute:"solution", value:"Trend Micro has released a patch that addresses this issue.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/18");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003-2020 John Lampe");
 script_family(english:"CGI abuses");

 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);

if(!get_port_state(port))exit(0);

flag = 0;
directory = "";

foreach dir (cgi_dirs()) {
   if(is_cgi_installed_ka(item:string(dir, "/cgiWebupdate.exe"), port:port)) {
  	security_warning(port);
	exit(0);
	}
   }

References