NASLDB: AppServ appserv/main.php appserv_root Parameter Remote File Inclusion
General
ID: 20383
Name: AppServ appserv/main.php appserv_root Parameter Remote File Inclusion
Summary: Checks for appserv_root parameter remote file include vulnerability in AppServ
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:H/RL:W/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host appears to be running AppServ, a compilation of
Apache, PHP, MySQL, and phpMyAdmin for Windows and Linux.
The version of AppServ installed on the remote host fails to sanitize
user-supplied input to the ‘appserv_root’ parameter of the
‘appserv/main.php’ script before using it in a PHP ‘include’ function.
An unauthenticated attacker can exploit this flaw to run arbitrary
code, possibly taken from third-party hosts, subject to the privileges
of the web server user ID. Note that AppServ under Windows runs with
SYSTEM privileges, which means an attacker can gain complete control
of the affected host.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2006-0125
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2006/01/05
Patch Release: –
Plugin Release: 2006/01/10
Plugin
Version: 1.15
Filename: appserv_appserv_root_includes.nasl
Filesize: 2871 bytes
MD5 Hash: 3b743206543be4957037b60bf59f1cf7
Identification: –
Require Keys: www/PHP
Dependencies: "http_version.nasl"
Copyright: This script is Copyright © 2006-2012 Tenable Network Security, Inc.