Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:805 |
Message | WEB-CGI webspeed access |
Summary | This event is generated when an attempt is made to exploit an authentication vulnerability in the WebSpeed WSIS Messenger Administration Utility. |
Impact | Information gathering and system integrity. Unauthorized administrative access to the to the WebSpeed configuration utility can allow an attacker to view and change WebSpeed configuration, and possibly stop WebSpeed services. |
Detailed Information | The WSIS Messenger Administration Utility is a web-based administration utility provided with the Progress WebSpeed 3.0 development environment and transaction server. It allows WebSpeed administrators to remotely manage the WebSpeed system. The configuration utility has a vulnerability that allows unauthenticated users to configure services when the WSMAdmin function is invoked using wsisa.dll. |
Affected Systems | Any system running Progress WebSpeed 3.0 WSIS Messenger Administration Utility. |
Attack Scenarios | An attacker can access the WSIS Messenger Administration Utility, which can then be used to view and change WebSpeed configuration. The attacker can potentially stop WebSpeed services. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | Disable the WSIS Messenger Administration Utility. Install the appropriate patch. Patches can be found at http://www.progress.com/patches/patchlst/availpatche.html. Disallow access to the WSIS Messenger Administration Utilility from sources external to the protected network. |
Additional References | Bugtraq http://www.securityfocus.com/bid/969 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127 |
Rule References | arachnids: 467 bugtraq: 969 cve: 2000-0127 nessus: 10304 |
--
DID:114581
--
http://www.aanval.com/