[Openvas-discuss] Double output in html

chris framheim at gmx.de
Thu Sep 1 13:59:13 CEST 2011


Same with this text, 3 times in the output, all the same, all controlled
with diff!

Chris

---8<---
Vulnerability found on port http (80/tcp)

        
        
        Overview: This host is running DokuWiki and is prone to Local
        File Inclusion
        vulnerability.
        
        Vulnerability Insight:
        The flaw is due to error in 'config_cascade[main][default][]'
        parameter in
        'inc/init.php' is not properly verified before being used to
        include files
        to 'doku.php'.
        
        Impact:
        Successful exploitation will let the attacker to include and
        execute arbitrary
        files from local and external resources, and can gain sensitive
        information
        about remote system directories when register_globals is
        enabled.
        
        Impact level: Application/System
        
        Affected Software/OS:
        DoKuWiki version prior to 2009-02-14b on Linux.
        
        Fix: Upgarde to version 2009-02-14b or later.
        http://www.dokuwiki.org/dokuwiki
        
        References:
        http://secunia.com/advisories/35218
        http://www.milw0rm.com/exploits/8812
        http://www.milw0rm.com/exploits/8781
        http://bugs.splitbrain.org/index.php?do=details&task_id=1700
        
        CVSS Score:
        CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
        CVSS Temporal Score : 7.3
        Risk factor: High
        CVE : CVE-2009-1960
        BID : 35095
        OID : 1.3.6.1.4.1.25623.1.0.800582
---8<---
On Thursday, 01.09.2011, at 13:53 +0200, chris wrote:
> Hello maintainers,
> 
> since feedback is appreciated, here could be another bug.
> Found that twice in the output, I diffed them and they are exactly the
> same.
> 
> # aptitude show openvas-server openvas-scanner | grep -i version
> Version: 2.0.3-3
> Version: 3.2.4-1
> 
> Used the client 2.0.5 on Ubuntu again.
> 




