[Openvas-commits] r12036 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Nov 7 19:05:41 CET 2011
Author: mime
Date: 2011-11-07 19:05:35 +0100 (Mon, 07 Nov 2011)
New Revision: 12036
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_39710.nasl
Log:
Check for the vulnerability, not just for the version.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-11-07 17:29:01 UTC (rev 12035)
+++ trunk/openvas-plugins/ChangeLog 2011-11-07 18:05:35 UTC (rev 12036)
@@ -1,5 +1,10 @@
2011-11-07 Michael Meyer <michael.meyer at greenbone.net>
+ * scripts/gb_JBoss_enterprise_aplication_server_39710.nasl:
+ Check for the vulnerability, not just for the version.
+
+2011-11-07 Michael Meyer <michael.meyer at greenbone.net>
+
* scripts/e107_detect.nasl,
scripts/sahana_detect.nasl,
scripts/nagios_detect.nasl,
Modified: trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_39710.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_39710.nasl 2011-11-07 17:29:01 UTC (rev 12035)
+++ trunk/openvas-plugins/scripts/gb_JBoss_enterprise_aplication_server_39710.nasl 2011-11-07 18:05:35 UTC (rev 12036)
@@ -53,7 +53,7 @@
script_tag(name:"risk_factor", value:"Medium");
script_description(desc);
script_summary("Determine if remote JBoss Enterprise Application server version is vulnerable");
- script_category(ACT_GATHER_INFO);
+ script_category(ACT_ATTACK);
script_family("Web Servers");
script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
script_dependencies("JBoss_enterprise_aplication_server_detect.nasl");
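Review bot: The `script_summary` text two lines above the category change still describes a version comparison ("version is vulnerable"), while this commit replaces the version check with live requests and moves the plugin to `ACT_ATTACK`. The metadata should say what the plugin now does, for example `script_summary("Determine if remote JBoss Enterprise Application Server is vulnerable");`. The `desc` text passed to `script_description` is defined outside this hunk and should likewise mention that requests are sent to the target. The description block starts and ends outside the hunk, so other metadata may need the same update.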
@@ -71,24 +71,42 @@
if(!vers = get_kb_item(string("www/", port,"/jboss_enterprise_application_server")))exit(0);
-if(!isnull(vers) && vers >!< "unknown") {
+url = "/jmx-console";
+req = http_get(item:url, port:port);
+buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+if( buf == NULL ) exit(0);
- if("GA_CP0" >< vers) {
- version = eregmatch(pattern:"([0-9.]+)GA_CP0([1-9]+)", string: vers);
- if(!isnull(version[2])) {
- vers = version[1] + version[2];
- }
- }
-
- if("GA" >< vers)vers = vers - ".GA";
+if(buf =~ "HTTP/1.. [2|3]00")exit(0);
- if(version_in_range(version: vers, test_version: "4.2", test_version2:"4.2.0.8") ||
- version_in_range(version: vers, test_version: "4.3", test_version2:"4.3.0.7")) {
- security_warning(port:port);
- exit(0);
- }
+url = "/jmx-console/checkJNDI.jsp";
+host = get_host_name();
-}
+req = string(
+ "PUT ", url, " HTTP/1.0\r\n",
+ "Host: ", host, "\r\n",
+ "\r\n"
+ );
+result = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+if( result =~ "HTTP/1.. 200" && ("JNDI Check</title>" >< result && "JNDI Checking for host" >< result)) {
+
+ security_warning(port:port);
+ exit(0);
+
+}
+
+url = "/status?full=true";
+req = http_get(item:url, port:port);
+buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+if( buf == NULL ) exit(0);
+
+if("<title>Tomcat Status</title>" >< buf && "Application list" >< buf && "Processing time:" >< buf) {
+
+ security_warning(port:port);
+ exit(0);
+
+}
+
exit(0);
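Review bot: The precondition `if(buf =~ "HTTP/1.. [2|3]00")exit(0);` uses a character class that also accepts a literal `|`, and it only stops on status 200 or 300, so a 404, a 302 or a 5xx on `/jmx-console` still falls through to the PUT probe. If the intent is to probe only when the console is actually access-protected, a positive test is clearer, for example `if(buf !~ "^HTTP/1\.[01] 401")exit(0);`. The PUT response in `result` is used without the NULL check that both `buf` reads get. The `/status?full=true` branch reports through the same bare `security_warning(port:port)` as the PUT branch, so a report cannot tell which finding fired; passing a `data:` string that names the responding URL would make the result actionable. With the version comparison removed entirely, a host where these requests are filtered in transit produces no finding at all, which may be worth noting in the description.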