| VID |
21098 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "webgais" CGI is installed.
WEBgais is a web-based index/query system written in the Perl language. A vulnerability exists in the way the webgais script handles shell metacharacters, which allows a remote attacker to execute commands on the remote machine with the privileges of the web server, usually nobody. All versions of the WEBgais package up to 1.0b2 are vulnerable.
¡Ø BUGTRAQ:Jul10,1997
* References:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.95.970710183819.16979A-100000@pop3.kappa.ro |
| Recommendation |
Because all versions of the WEBgais package up to 1.0b2 are vulnerable, if installed those versions on the web server, then disable the webgais script or upgrade to the latest version on the package |
| Related URL |
CVE-1999-0176 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
