| Field | Value |
|---|---|
| VID | 21080 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The `search.cgi` CGI is installed. This CGI comes with the SolutionScripts Home Free package, a collection of free CGI Perl scripts for Windows NT and Unix systems. A vulnerability in the search.cgi program allows anyone to read arbitrary files with the privileges of the HTTP daemon (root or nobody) by the following request: `GET /cgi-bin/search.cgi?letter=\\..\\..\\..\\file_to_read`. Reference: BUGTRAQ:20000104 Another search.cgi vulnerability |
| Recommendation | No remedy available as of June 2014. Remove the search.cgi file from the /cgi-bin directory. |
| Related URL | CVE-2000-0054 (CVE) |
| Related URL | 921 (SecurityFocus) |
| Related URL | 3882 (ISS) |
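
To check whether the request pattern in the description has reached a server, its access logs can be scanned for `search.cgi` requests whose `letter` parameter contains a `..` path segment after URL-decoding. This is an added example, not part of the original entry; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Common Log Format lines for illustration; not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [04/Jan/2000:10:00:01 +0000] "GET /cgi-bin/search.cgi?letter=a HTTP/1.0" 200 512
192.0.2.11 - - [04/Jan/2000:10:00:02 +0000] "GET /cgi-bin/search.cgi?letter=\\..\\..\\..\\file_to_read HTTP/1.0" 200 2048
192.0.2.12 - - [04/Jan/2000:10:00:03 +0000] "GET /cgi-bin/search.cgi?letter=%5C..%5C..%5Cfile_to_read HTTP/1.0" 200 2048
192.0.2.13 - - [04/Jan/2000:10:00:04 +0000] "GET /cgi-bin/search.cgi?letter=a..b HTTP/1.0" 200 512
192.0.2.14 - - [04/Jan/2000:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 1024
'''

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %5C and %255C both become a backslash."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return '..' in re.split(r'[\\/]+', decode_fully(value))


def find_search_cgi_traversal(log_text):
    """Return (client_ip, decoded_letter_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith('/search.cgi'):
            continue
        # parse_qs performs the first round of percent-decoding itself.
        for value in parse_qs(url.query, keep_blank_values=True).get('letter', []):
            if is_traversal(value):
                hits.append((line.split()[0], decode_fully(value)))
    return hits


if __name__ == '__main__':
    for ip, value in find_search_cgi_traversal(SAMPLE_LOG):
        print(f'{ip} requested search.cgi with traversal value {value!r}')
```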