| VID |
21088 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The 'AnyForm2' cgi is installed.
Textcounter is a popular tool for adding hit counters to web pages. A vulnerability exists in some versions of this program that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).
* References:
http://www.securityfocus.com/bid/2265
http://www.iss.net/security_center/static/2052.php |
| Recommendation |
If it's not needed, remove the file from the CGI directory, or users of the Perl version should upgrade to at least 1.2.1, and users of the C++ version should upgrade to at least 1.3.1 to fix this security problem. |
| Related URL |
CVE-1999-1479 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
