whois_raw
Article ID: 10306
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009 by Tech Pubs S.
Updated: 27 Jan, 2009 by Tech Pubs S.
This script is Copyright (C) 1999 Renaud Deraison
Family: CGI abuses
Plugin ID: 10306
Bugtraq ID: 304
CVE ID: CVE-1999-1063
Description:

Synopsis :

The remote web server contains a CGI script that is prone to arbitrary
command execution attacks.

Description :

The remote host appears to be using the CdomainFree whois_raw.cgi
script.

This CGI script allows an attacker to view any file on the target
computer, as well as to execute arbitrary commands.

See also :

http://cert.uni-stuttgart.de/archive/bugtraq/1999/06/msg00007.html

Solution :

Upgrade to CdomainFree 2.5 or to one of the commercial versions.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)