|
|
Family: CGI abuses --> Category: attack
ELOG < 2.6.1 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in ELOG < 2.6.1
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by multiple flaws.
Description :
The remote host appears to be using ELOG, a web-based electronic
logbook application.
The version of ELOG installed on the remote host fails to filter
directory traversal strings before processing GET requests. An
attacker can exploit this issue to retrieve the contents of arbitrary
files from the remote host, subject to the rights under which ELOG
runs.
In addition, the application is reportedly affected by a format string
vulnerability in the 'write_logfile'. Provided logging is enabled, an
attacker may be able to exploit this via the 'uname' parameter of the
login form to crash the application or execute arbitrary code
remotely.
See also :
http://midas.psi.ch/elogs/Forum/1608
Solution :
Upgrade to ELOG version 2.6.1 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
