Vulnerabilities > CVE-2004-2274 - Unspecified vulnerability in W3C Jigsaw

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
w3c
nessus
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.

Vulnerable Configurations

Part Description Count
Application
W3C
13

Nessus

NASL familyWeb Servers
NASL idJIGSAW_2_2_4.NASL
descriptionAccording to its banner, the remote version of Jigsaw web server has an unspecified vulnerability related to the way it parses URIs.
last seen2020-06-01
modified2020-06-02
plugin id12071
published2004-02-22
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12071
titleJigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(12071);
 script_version("1.16");
 script_cve_id("CVE-2004-2274");
 script_bugtraq_id(9711);

 script_name(english:"Jigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability");
 script_summary(english:"Checks for version of Jigsaw");

 script_set_attribute(
   attribute:"synopsis",
   value:"The remote web server has an unspecified vulnerability."
 );
 script_set_attribute( attribute:"description",  value:
"According to its banner, the remote version of Jigsaw web server has
an unspecified vulnerability related to the way it parses URIs." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to Jigsaw 2.2.4 or later."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # details of this vuln are unknown...we'll assume worst case scenario
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/02/18");
 script_cvs_date("Date: 2018/07/12 19:01:16");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Web Servers");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);

 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
banner = get_http_banner(port: port);
if(!banner)exit(0);
 
if(egrep(pattern:"^Server: Jigsaw/([01]\.|2\.([01]\.|2\.[0-3][^0-9])).*", string:banner))
 {
   security_hole(port);
 }

References