Summary
This host is installed with JobScheduler
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow a remote attacker to read arbitrary files on the server,
execute arbitrary HTML and script code in a victim's browser, or cause a denial of service.
Impact Level: Application
Solution
Upgrade to JobScheduler version 1.6.4246, 1.7.4241 or later.
For updates refer to http://www.sos-berlin.com/modules/cjaycontent/index.php?id=osource_scheduler_introduction_en.htm
Insight
Multiple flaws exist because:
- The XML parser behind the command interface is configured to resolve XML external entities (XXE) declared in untrusted input, so a SYSTEM entity in a client-supplied document can pull a local file into the response.
- User-supplied input is returned to users without proper validation, allowing injection of HTML and script code.
- Path components in user-supplied input, such as '../' sequences, are not properly validated (path traversal).
Affected
JobScheduler versions 1.6.x before 1.6.4246 and
1.7.x before 1.7.4241.
Detection
Send a crafted XML document via HTTP POST that declares an external entity pointing at a local file,
and check whether the contents of that file are returned in the response.
References
Severity
CVSS Base Score: 5.8
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Classification
CVE: CVE-2014-5391, CVE-2014-5392, CVE-2014-5393