ows_bin_cgi.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Noam Rathaus <noamr@securiteam.com>
#
# Changes by rd :
#
#	- script id
#	- french translation
#	- minor changes in the english description
#
# See the Nessus Scripts License for details
#

if(description)
{
 script_id(10348);
 script_bugtraq_id(1053);
 script_version ("$Revision: 38 $");
 
 script_cve_id("CVE-2000-0169");
 name["english"] = "ows-bin";
 name["francais"] = "ows-bin";
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = " 
Oracle's Web Listener (a component of the Oracle Application Server),
is installed and can be used by a remote attacker to run arbitrary 
commands on the web server.

Read more about this hole at:
http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html


Solution : If 'ows-bin' is the default CGI directory used by the Oracle Application Server Manager,
then remove the ows-bin virtual directory or point it to a more benign directory.
If 'ows-bin' is not the default then verify that there are no batch files in this directory.

Risk factor : High";


  desc["francais"] = "
Oracle Web Listener (un composant de Oracle Application Server)
est install