| Field | Value |
| --- | --- |
| VID | 21039 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The edit.pl CGI is installed on the server. If this CGI is the one provided by freestats.com, verify it and then take action, because all account information can be viewed and edited by clicking the "CLICK HERE TO EDIT YOUR USER PROFILE & COUNTER INFO" item. |
| References | http://www.securityfocus.com/bid/2713, http://www.packetstormsecurity.org/new-exploits/freestats-cgi.txt, http://seclists.org/bugtraq/1998/Nov/262 |
| Recommendation | Remove the edit.pl file inside the cgi-bin directory. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |