ID

VAR-200902-0038


CVE

CVE-2009-0474


TITLE

Rockwell Automation GoAhead Webserver ASP Script File Source Code Leak Vulnerability

Trust: 0.8

sources: IVD: b36a9704-23cc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200902-141

DESCRIPTION

The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. This issue is also referenced in VU#124059.

GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

GoAhead WebServer is a small, compact embedded web server from the American company Embedthis that can be embedded in various devices and applications. When certain URL-encoded characters such as %00, %2f, %5c, or / are appended to the name of an ASP file, the server returns a response containing source code data to the attacker. Attackers can use this information to further attack the system.

TITLE: ControlLogix 1756-ENTB/A Ethernet/IP Bridge Vulnerabilities
SECUNIA ADVISORY ID: SA33783
VERIFY ADVISORY: http://secunia.com/advisories/33783/
CRITICAL: Less critical
IMPACT: Cross Site Scripting, Exposure of sensitive information
WHERE: From remote
OPERATING SYSTEM: ControlLogix 1756-ENTB/A Ethernet/IP Bridge http://secunia.com/advisories/product/21337/
DESCRIPTION: Some vulnerabilities and a weakness have been reported in ControlLogix 1756-ENTB/A Ethernet/IP Bridge, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose potentially sensitive information. 1) Certain unspecified input passed to the web interface is not properly sanitised before being returned to the user.
SOLUTION: A fixed firmware version is scheduled for release July, 2009. Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY: 1) US-CERT credits Daniel Peck of Digital Bond, Inc. 2) Reported by the vendor.
ORIGINAL ADVISORY: US-CERT VU#882619: http://www.kb.cert.org/vuls/id/882619 Rockwell Automation: http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

Trust: 4.68

sources: NVD: CVE-2009-0474 // CERT/CC: VU#882619 // CERT/CC: VU#975041 // CERT/CC: VU#124059 // JVNDB: JVNDB-2009-005802 // BID: 33638 // BID: 9239 // IVD: b36a9704-23cc-11e6-abef-000c29c66e3d // VULHUB: VHN-37920 // PACKETSTORM: 74765

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: b36a9704-23cc-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: rockwell automation, model: -, scope: -, version: -

Trust: 1.6

vendor: rockwellautomation, model: controllogix 1756-enbt/a ethernet/ ip bridge, scope: eq, version: -

Trust: 1.6

vendor: goahead, model: -, scope: -, version: -

Trust: 0.8

vendor: rockwell automation, model: logix automation controllogix 1756-enbt/a ethernet/ip bridge, scope: -, version: -

Trust: 0.8

vendor: rockwell, model: automation controllogix 1756-enbt/a ethernet/ip bridge, scope: eq, version: 0

Trust: 0.6

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.7

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.6

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.5

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.4

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.3

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.2

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1.1

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.1

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: eq, version: 2.0

Trust: 0.3

vendor: goahead, model: software goahead webserver, scope: ne, version: 2.1.8

Trust: 0.3

vendor: controllogix 1756 enbt a ethernet ip bridge, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: b36a9704-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#882619 // CERT/CC: VU#124059 // BID: 33638 // BID: 9239 // JVNDB: JVNDB-2009-005802 // CNNVD: CNNVD-200902-141 // NVD: CVE-2009-0474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0474
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#882619
value: 0.05

Trust: 0.8

CARNEGIE MELLON: VU#975041
value: 1.91

Trust: 0.8

CARNEGIE MELLON: VU#124059
value: 0.06

Trust: 0.8

NVD: CVE-2009-0474
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200902-141
value: MEDIUM

Trust: 0.6

IVD: b36a9704-23cc-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-37920
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-0474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: b36a9704-23cc-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-37920
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: b36a9704-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#882619 // CERT/CC: VU#975041 // CERT/CC: VU#124059 // VULHUB: VHN-37920 // JVNDB: JVNDB-2009-005802 // CNNVD: CNNVD-200902-141 // NVD: CVE-2009-0474

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-37920 // JVNDB: JVNDB-2009-005802 // NVD: CVE-2009-0474

THREAT TYPE

network

Trust: 0.6

sources: BID: 33638 // BID: 9239

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200902-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005802

PATCH

title: Top Page, url: http://www.rockwellautomation.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005802

EXTERNAL IDS

db: CERT/CC, id: VU#124059

Trust: 3.6

db: NVD, id: CVE-2009-0474

Trust: 3.0

db: CERT/CC, id: VU#975041

Trust: 1.9

db: SECUNIA, id: 33783

Trust: 1.9

db: VUPEN, id: ADV-2009-0347

Trust: 1.7

db: CERT/CC, id: VU#882619

Trust: 1.2

db: CNNVD, id: CNNVD-200902-141

Trust: 0.9

db: EXPLOIT-DB, id: 12815

Trust: 0.8

db: JVNDB, id: JVNDB-2009-005802

Trust: 0.8

db: BID, id: 33638

Trust: 0.3

db: BID, id: 9239

Trust: 0.3

db: IVD, id: B36A9704-23CC-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-37920

Trust: 0.1

db: PACKETSTORM, id: 74765

Trust: 0.1

sources: IVD: b36a9704-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#882619 // CERT/CC: VU#975041 // CERT/CC: VU#124059 // VULHUB: VHN-37920 // BID: 33638 // BID: 9239 // JVNDB: JVNDB-2009-005802 // PACKETSTORM: 74765 // CNNVD: CNNVD-200902-141 // NVD: CVE-2009-0474

REFERENCES

url:http://www.kb.cert.org/vuls/id/124059

Trust: 2.8

url:http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

Trust: 2.4

url:http://www.kb.cert.org/vuls/id/rgii-7mwkz3

Trust: 1.7

url:http://secunia.com/advisories/33783

Trust: 1.7

url:http://rockwellautomation.custhelp.com/app/answers/detail/a_id/57729

Trust: 1.6

url:http://www.ab.com/networks/architectures.html

Trust: 1.6

url:http://data.goahead.com/software/webserver/2.1.8/release.htm#bug-with-urls-like-asp

Trust: 1.6

url:http://aluigi.altervista.org/adv/goahead-adv3.txt

Trust: 1.6

url:http://www.kb.cert.org/vuls/id/975041

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/0347

Trust: 1.1

url:http://en.wikipedia.org/w/index.php?title=cross-site_scripting&oldid=268497783

Trust: 0.8

url:http://www.procheckup.com/security_info/vuln_pr0213.html

Trust: 0.8

url:http://web.archive.org/web/20030110134751/http://www.procheckup.com/security_info/vuln_pr0213.html

Trust: 0.8

url:http://data.goahead.com/software/webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518

Trust: 0.8

url:http://www.nerc.com/fileuploads/file/events%20analysis/a-2009-02-13-01.pdf

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=goahead+web+server

Trust: 0.8

url:http://www.exploit-db.com/exploits/12815/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0474

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0474

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2009/0347

Trust: 0.6

url:http://www.kb.cert.org/vuls/id/882619

Trust: 0.4

url:http://www.rockwellautomation.com/

Trust: 0.3

url:http://www.goahead.com/webserver/webserver.htm

Trust: 0.3

url:/archive/1/347805

Trust: 0.3

url:http://secunia.com/advisories/product/21337/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/33783/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#882619 // CERT/CC: VU#975041 // CERT/CC: VU#124059 // VULHUB: VHN-37920 // BID: 33638 // BID: 9239 // JVNDB: JVNDB-2009-005802 // PACKETSTORM: 74765 // CNNVD: CNNVD-200902-141 // NVD: CVE-2009-0474

CREDITS

Luigi Auriemma※ aluigi@pivx.com

Trust: 0.6

sources: CNNVD: CNNVD-200902-141

SOURCES

db: IVD, id: b36a9704-23cc-11e6-abef-000c29c66e3d
db: CERT/CC, id: VU#882619
db: CERT/CC, id: VU#975041
db: CERT/CC, id: VU#124059
db: VULHUB, id: VHN-37920
db: BID, id: 33638
db: BID, id: 9239
db: JVNDB, id: JVNDB-2009-005802
db: PACKETSTORM, id: 74765
db: CNNVD, id: CNNVD-200902-141
db: NVD, id: CVE-2009-0474

LAST UPDATE DATE

2024-08-14T13:49:48.768000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#882619, date: 2011-05-12T00:00:00
db: CERT/CC, id: VU#975041, date: 2010-01-11T00:00:00
db: CERT/CC, id: VU#124059, date: 2010-06-22T00:00:00
db: VULHUB, id: VHN-37920, date: 2011-03-08T00:00:00
db: BID, id: 33638, date: 2009-02-09T20:18:00
db: BID, id: 9239, date: 2009-02-19T21:47:00
db: JVNDB, id: JVNDB-2009-005802, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200902-141, date: 2009-02-26T00:00:00
db: NVD, id: CVE-2009-0474, date: 2011-03-08T03:18:33.673

SOURCES RELEASE DATE

db: IVD, id: b36a9704-23cc-11e6-abef-000c29c66e3d, date: 2003-12-17T00:00:00
db: CERT/CC, id: VU#882619, date: 2009-02-05T00:00:00
db: CERT/CC, id: VU#975041, date: 2002-12-17T00:00:00
db: CERT/CC, id: VU#124059, date: 2009-02-05T00:00:00
db: VULHUB, id: VHN-37920, date: 2009-02-06T00:00:00
db: BID, id: 33638, date: 2009-02-05T00:00:00
db: BID, id: 9239, date: 2003-12-17T00:00:00
db: JVNDB, id: JVNDB-2009-005802, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 74765, date: 2009-02-09T08:44:35
db: CNNVD, id: CNNVD-200902-141, date: 2003-12-17T00:00:00
db: NVD, id: CVE-2009-0474, date: 2009-02-06T19:30:00.610