GEN:SID | 1:805 |
Message | WEB-CGI webspeed access |
Summary | This event is generated when an attempt is made to exploit an authentication vulnerability in the WebSpeed WSIS Messenger Administration Utility.
|
Impact | Information gathering and system integrity. Unauthorized administrative access to the to the WebSpeed configuration utility can allow an attacker to view and change WebSpeed configuration, and possibly stop WebSpeed services.
|
Detailed Information | The WSIS Messenger Administration Utility is a web-based administration utility provided with the Progress WebSpeed 3.0 development environment and transaction server. It allows WebSpeed administrators to remotely manage the WebSpeed system. The configuration utility has a vulnerability that allows unauthenticated users to configure services when the WSMAdmin function is invoked using wsisa.dll.
|
Affected Systems | Any system running Progress WebSpeed 3.0 WSIS Messenger Administration Utility.
|
Attack Scenarios | An attacker can access the WSIS Messenger Administration Utility, which can then be used to view and change WebSpeed configuration. The attacker can potentially stop WebSpeed services.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Disable the WSIS Messenger Administration Utility.
Install the appropriate patch. Patches can be found at http://www.progress.com/patches/patchlst/availpatche.html.
Disallow access to the WSIS Messenger Administration Utilility from sources external to the protected network.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/969
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127
|
Rule References | arachnids: 467
bugtraq: 969
cve: 2000-0127
nessus: 10304
|