<plugin_id>194</plugin_id>
<plugin_name>Jerod Moemeka Xedus detection</plugin_name>
<plugin_family>HTTP</plugin_family>
<plugin_created_date>2004/09/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>4274</plugin_port>
<plugin_procedure_detection>open|send GET /testgetrequest.x?param='Attack%20Tool%20Kit' HTTP/1.0\n\n|sleep|close|pattern_exists Attack Tool Kit</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>Check is inspired by the Nessus plugin.</plugin_comment>
<bug_affected>Jerod Moemeka Xedus</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Directory Traversal</bug_vulnerability_class>
<bug_description>The remote host is running the Xedus web server which is a part of the peer-to-peer software. It provides the ability to share files, music, and any other media, as well as create robust and dynamic web sites, which can feature database access, file system access, with full .net support.</bug_description>
<bug_solution>You should install or upgrade the software to the latest version. See http://www.thinxoft.com for more details. Also limit unwanted connections and communications with firewalling if possible.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/11071/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>2</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>3</bug_impact>
<bug_risk>4</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check. The possibilities of exploiting this kind of vulnerabilities is well-known and well documented.</bug_check_tool>
<source_securityfocus_bid>11071</source_securityfocus_bid>
<source_nessus_id>14644</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>