[Openvas-commits] r3249 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed May 6 10:13:24 CEST 2009


Author: chandra
Date: 2009-05-06 10:13:21 +0200 (Wed, 06 May 2009)
New Revision: 3249

Removed:
   trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl
   trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/axigen_34716.nasl
Log:
Deleted duplicate scripts

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-06 06:04:28 UTC (rev 3248)
+++ trunk/openvas-plugins/ChangeLog	2009-05-06 08:13:21 UTC (rev 3249)
@@ -1,5 +1,13 @@
 2009-05-06 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_axigen_mail_server_xss_vuln.nasl,
+	scripts/gb_axigen_mail_server_detect.nasl:
+	Deleted as the scripts already existed
+
+	* scripts/axigen_34716.nasl:
+	Included CVE
+
+2009-05-06 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_axigen_mail_server_xss_vuln.nasl,
 	scripts/gb_axigen_mail_server_detect.nasl,
 	scripts/secpod_xitami_server_detect.nasl,
 	scripts/secpod_xpdf_mult_vuln.nasl,

Modified: trunk/openvas-plugins/scripts/axigen_34716.nasl
===================================================================
--- trunk/openvas-plugins/scripts/axigen_34716.nasl	2009-05-06 06:04:28 UTC (rev 3248)
+++ trunk/openvas-plugins/scripts/axigen_34716.nasl	2009-05-06 08:13:21 UTC (rev 3249)
@@ -27,6 +27,7 @@
 if (description)
 {
  script_id(100177);
+ script_cve_id("CVE-2009-1484");
  script_bugtraq_id(34716);
  script_version ("1.0");
 

Deleted: trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl	2009-05-06 06:04:28 UTC (rev 3248)
+++ trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl	2009-05-06 08:13:21 UTC (rev 3249)
@@ -1,75 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id: gb_axigen_mail_server_detect.nasl 2053 2009-05-05 20:07:05Z may $
-#
-# Axigen Mail Server Version Detection
-#
-# Authors:
-# Antu Sanadi <santu at secpod.com>
-#
-# Copyright:
-# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-##############################################################################
-
-if(description)
-{
-  script_id(800603);
-  script_version("$Revision: 1.0 $");
-  script_name(english:"Axigen Mail Server Version Detection");
-  desc["english"] = "
-
-  Overview: The script detects the installed version of Axigen Mail
-  Server and sets the result in KB.
-
-  Risk factor: Informational";
-
-  script_description(english:desc["english"]);
-  script_summary(english:"Sets KB for the version of Axigen Mail Server");
-  script_category(ACT_GATHER_INFO);
-  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
-  script_family(english:"Service detection");
-  script_dependencies("find_service.nes", "http_version.nasl");
-  script_require_ports("Services/www", 9000);
-  exit(0);
-}
-
-
-include("http_func.inc");
-
-axigenPort = get_http_port(default:9000);
-
-if(!axigenPort){
-  axigenPort = 9000;
-}
-
-if(!get_port_state(axigenPort)){
-  exit(0);
-}
-
-request = http_get(item:string("/"), port:axigenPort);
-rcvRes = http_send_recv(port:axigenPort, data:request);
-
-if(rcvRes != NULL && "Axigen-Webadmin" >< rcvRes)
-{
-  axigenVer = eregmatch(pattern:"AXIGEN WebAdmin ([0-9.]+)",
-                        string:rcvRes);
-
-  if(axigenVer[1] != NULL)
-  {
-    set_kb_item(name:"www/" + axigenPort + "/AxigenMailServer",
-                value:axigenVer[1]);
-  }
-}

Deleted: trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl	2009-05-06 06:04:28 UTC (rev 3248)
+++ trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl	2009-05-06 08:13:21 UTC (rev 3249)
@@ -1,88 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id: gb_axigen_mail_server_xss_vuln.nasl 2053 2009-05-05 17:05:29Z may $
-#
-# Axigen Mail Server Cross-Site Scripting Vulnerability
-#
-# Authors:
-# Antu Sanadi <santu at secpod.com>
-#
-# Copyright:
-# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-if(description)
-{
-  script_id(800604);
-  script_version("$Revision: 1.0 $");
-  script_cve_id("CVE-2009-1484");
-  script_bugtraq_id(34716);
-  script_name(english:"Axigen Mail Server Cross-Site Scripting Vulnerability");
-  desc["english"] = "
-
-  Overview:
-  The host is running Axigen Mail Server and is prone to Cross-Site Scripting
-  Vulnerability.
-
-  Vulnerability Insight:
-  The flaw is caused due to improper sanitization of user-supplied input passed
-  within the e-mail messages.
-
-  Impact:
-  Successful exploitation will allows the attacker to steal cookie-based
-  authentication credentials by injecting HTML and script code on a affected
-  application.
-
-  Affected Software/OS:
-  Axigen Mail Server Version 6.2.2 and prior.
-
-  Fix: Upgrade to version 7.1.0 or later
-  http://www.axigen.com/mail-server/download/
-
-  References:
-  http://secunia.com/advisories/34402
-
-  CVSS Score:
-    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
-    CVSS Temporal Score : 3.2
-  Risk factor : Medium";
-
-  script_description(english:desc["english"]);
-  script_summary(english:"Check for the version of Axigen Mail Server");
-  script_category(ACT_GATHER_INFO);
-  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
-  script_family(english:"Web application abuses");
-  script_dependencies("gb_axigen_mail_server_detect.nasl");
-  script_require_ports("Services/www", 9000);
-  exit(0);
-}
-
-
-include("http_func.inc");
-include("version_func.inc");
-
-axigenPort = get_http_port(default:9000);
-if(!axigenPort){
-  exit(0);
-}
-
-axigenVer = get_kb_item("www/" + axigenPort + "/AxigenMailServer");
-if(axigenVer != NULL)
-{
-  if(version_is_less_equal(version:axigenVer, test_version:"6.2.2")){
-    security_warning(axigenPort);
-  }
-}



More information about the Openvas-commits mailing list