Vulnerabilities > CVE-2002-0893 - Unspecified vulnerability in NEW Atlanta Communications Servletexec Isapi 4.1

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
new-atlanta-communications
nessus
exploit available

Summary

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.

Vulnerable Configurations

Part Description Count
Application
New_Atlanta_Communications
1

Exploit-Db

description: NewAtlanta ServletExec/ISAPI 4.1 File Disclosure Vulnerability. CVE-2002-0893. Remote exploit for windows platform
id: EDB-ID:21470
last seen: 2016-02-02
modified: 2002-05-22
published: 2002-05-22
reporter: Matt Moore
source: https://www.exploit-db.com/download/21470/
title: NewAtlanta ServletExec/ISAPI 4.1 File Disclosure Vulnerability

Nessus

NASL family: CGI abuses
NASL id: SERVLETEXEC_FILE_READING.NASL
description: By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example.) When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only fragments of these pages are returned. Text files can generally be read without problem.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10959
published: 2002-05-22
reporter: This script is Copyright (C) 2002-2018 Matt Moore
source: https://www.tenable.com/plugins/nessus/10959
title: ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access
code
#
# This script was written by Matt Moore <[email protected]>
#
# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]> (nb: domain no longer exists)
#      Added BugtraqID and CAN
#
# See the Nessus Scripts License for details
#
# Changes by Tenable
#
# - Updated to use compat.inc, added CVSS score (11/20/2009)



include("compat.inc");

# Plugin registration block. When `description` is set the script only
# declares its metadata (ids, texts, CVSS vectors, dependencies, ports) and
# then exits at the end of the block, so the network check further down is
# not executed on this path.
if(description)
{
 # Identifiers: plugin id, script revision, and the CVE / Bugtraq entries
 # this check is tied to.
 script_id(10959);
 script_version ("1.22");
 script_cve_id("CVE-2002-0893");
 script_bugtraq_id(4795);

 script_name(english:"ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Traversal Arbitrary File Access");
 
 # Report texts shown to the operator: synopsis, description, solution.
 script_set_attribute(attribute:"synopsis", value:
"The remote host has a script that is affected by an information
disclosure vulnerability." );
 script_set_attribute(attribute:"description", value:
"By invoking the JSPServlet directly it is possible to read the contents of 
files within the webroot that would not normally be accessible (global.asa, 
for example.) When attempting to retrieve ASP pages it is common to see many 
errors due to their similarity to JSP pages in syntax, and hence only 
fragments of these pages are returned. Text files can generally be read 
without problem." );
 # NOTE(review): the patch location below is a plain ftp:// URL, which gives
 # no transport integrity for the download; confirm the patch source with the
 # vendor before applying it.
 script_set_attribute(attribute:"solution", value:
"Download Patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/

References: www.westpoint.ltd.uk/advisories/wp-02-0006.txt" );
  # CVSS v2 base vector: network access, low complexity, no authentication,
  # partial confidentiality impact, no integrity or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # Temporal vector: proof-of-concept exploitability, official fix, confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  # NOTE(review): exploit_available is "false" although the temporal vector
  # above declares E:POC; confirm which value is intended.
  script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2002/05/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2002/05/22");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
# Closes the run of script_set_attribute() declarations above.
script_end_attributes();

 
 script_summary(english:"Tests for ServletExec File Reading");
 
 # Declared as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2002-2020 Matt Moore");
 script_family(english:"CGI abuses");
 # Plugins listed as prerequisites, and the ports/services this check needs.
 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_require_ports("Services/www", 80);
 # Registration only: stop here.
 exit(0);
}

# Check starts here

include("http_func.inc");
include("http_keepalive.inc");

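# Active check: send one read-only request and look for ASP source markers in
# the reply. The web port to test is resolved first, with 80 as the default.
port = get_http_port(default:80, embedded:TRUE);

if(get_port_state(port))
{
 # The probe targets global.asa through two "..%5c" steps below the
 # JSP10Servlet path. A negative result is therefore not proof of a patched
 # host: it only means this one file was not returned with the marker below.
 # Could be improved to use output of webmirror.nasl.
 req = http_get(item:"/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa", port:port);
 r = http_keepalive_send_recv(port:port, data:req);

 # No response at all: nothing to evaluate.
 if ( ! r ) exit(0);

 # The original test was a case-sensitive substring match on
 # "OBJECT RUNAT=Server", which misses the same tag written in another case,
 # with extra whitespace, or with a quoted attribute value. Match it
 # case-insensitively with tolerant spacing; every response the literal
 # match flagged is still flagged.
 if(egrep(pattern:'OBJECT[ \t]+RUNAT[ \t]*=[ \t]*"?Server', string:r, icase:TRUE))
  security_warning(port);
}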