| VID |
21019 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The 'AnyForm2' cgi is installed.
This CGI has a security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). This is present in AnyForm2, version 2 of the AnyForm program by John Roberts. |
| Recommendation |
If it's not needed, remove the file from the CGI directory, or disable access or execute permission to the AnyForm2 script and upgrade to AnyForm version 3 or greater. |
| Related URL |
CVE-1999-0066 (CVE) |
| Related URL |
719 (SecurityFocus) |
| Related URL |
301 (ISS) |
|
