| VID |
21036 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "dfire.cgi" CGI is installed in the web server. This is a CGI in the Dragon-Fire IDS and has a well known security flaw that lets anyone execute arbitrary commands using Shell metacharacter with the privileges of the http daemon (root or nobody).
¡Ø BUGTRAQ:19990804 NSW Dragon Fire gets downloaded
* References:
http://www.securityfocus.com/bid/564 |
| Recommendation |
Remove a dfire.cgi from the /cgi-bin directory |
| Related URL |
CVE-1999-0913 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
