Vulnerabilities > CVE-2004-2274 - Remote URI Parsing vulnerability in W3C Jigsaw

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

w3c

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.

Vulnerable Configurations

Part	Description	Count
Application	W3C W3C Jigsaw 2.0 W3C Jigsaw 2.0.1 W3C Jigsaw 2.0.2 W3C Jigsaw 2.0.3 W3C Jigsaw 2.0.4 W3C Jigsaw 2.0.5 W3C Jigsaw 2.1 W3C Jigsaw 2.1.1 W3C Jigsaw 2.1.2 W3C Jigsaw 2.2 W3C Jigsaw 2.2.1 W3C Jigsaw 2.2.2 W3C Jigsaw 2.2.3	13

Nessus

NASL family	Web Servers
NASL id	JIGSAW_2_2_4.NASL
description	According to its banner, the remote version of Jigsaw web server has an unspecified vulnerability related to the way it parses URIs.
last seen	2020-06-01
modified	2020-06-02
plugin id	12071
published	2004-02-22
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12071
title	Jigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(12071); script_version("1.16"); script_cve_id("CVE-2004-2274"); script_bugtraq_id(9711); script_name(english:"Jigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability"); script_summary(english:"Checks for version of Jigsaw"); script_set_attribute( attribute:"synopsis", value:"The remote web server has an unspecified vulnerability." ); script_set_attribute( attribute:"description", value: "According to its banner, the remote version of Jigsaw web server has an unspecified vulnerability related to the way it parses URIs." ); script_set_attribute( attribute:"see_also", value:"http://www.w3.org/Jigsaw/RelNotes.html#2.2.4" ); script_set_attribute( attribute:"solution", value:"Upgrade to Jigsaw 2.2.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); # details of this vuln are unknown...we'll assume worst case scenario script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/22"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/18"); script_cvs_date("Date: 2018/07/12 19:01:16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); banner = get_http_banner(port: port); if(!banner)exit(0); if(egrep(pattern:"^Server: Jigsaw/([01]\.\|2\.([01]\.\|2\.[0-3][^0-9])).*", string:banner)) { security_hole(port); }

Summary

Vulnerable Configurations

Nessus

References