vqserver_web_traversal.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Noam Rathaus <noamr@securiteam.com>
#
# See the Nessus Scripts License for details
#
# Changes by rd :
#
#	- changed the request to GET / HTTP/1.0 (and not GET / HEAD/1.0)
#	- French translation
#	- script id
#	- changed family to Remote file access
#

if(description)
{
 script_id(10355);
 script_bugtraq_id(1067);
script_cve_id("CVE-2000-0240");
 script_version ("$Revision: 38 $");
 name["english"] = "vqServer web traversal vulnerability";
 name["francais"] = "vqServer web traversal vulnerability";
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = "
vqSoft's vqServer web server (version 1.9.9 and below) has been detected.
This version contains a security vulnerability that allows attackers to request any file,
even if it is outside the HTML directory scope.

For more information:
http://www.securiteam.com/windowsntfocus/Some_Web_servers_are_still_vulnerable_to_the_dotdotdot_vulnerability.html

Solution:
Upgrade to the latest version, available from: http://www.vqsoft.com.

Risk factor : Medium";

 desc["francais"] = "
Le serveur web distant est un serveur vqServer de vqSoft,
d'une version plus ancienne (ou 間ale)