| VID |
21029 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "classified.cgi" CGI is installed.
Classifieds is a free CGI script for handling classified ads on web pages. The 'classified.cgi' allows remote attackers to read arbitrary files via shell metacharacters, or to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
* References:
http://www.iss.net/security_center/static/3102.php |
| Recommendation |
Disable the classifieds.cgi script in your CGI-BIN directory until you can obtain and install an updated version that corrects this issue. |
| Related URL |
CVE-1999-0934,CVE-1999-0935 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
