|
|
Family: CGI abuses --> Category: attack
Serendipity XML-RPC for PHP Remote Code Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for XML-RPC for PHP remote code injection vulnerability in Serendipity
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to a remote
code injection attack.
Description :
The version of Serendipity installed on the remote host is prone to
remote code execution due to a failure of its bundled XML-RPC library
to sanitize user-supplied input to the 'serendipity_xmlrpc.php'
script. This flaw may allow attackers to execute code remotely
subject to the rights of the web server userid.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-06/0283.html
http://www.hardened-php.net/advisory-022005.php
http://blog.s9y.org/archives/36-CRITICAL-BUGFIX-RELEASE-Serendipity-0.8.2.html
Solution :
Upgrade to Serendipity version 0.8.2 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
