| VID |
21105 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The www-sql is a cgi program to access a mysql database via a http server and create easily some pages from a query result. This script is available into Incoming sunsite directory.
The www-sql HTTP database access script versions prior to 0.5.0 failed to authenticate remote users requesting files on the web site protected by .htaccess restrictions under the Apache web server. |
| Recommendation |
If it's not need, remove 'www-sql' file from CGI-BIN directory, or Upgrade to version 0.5.0 of the script. |
| Related URL |
CVE-2000-0012 (CVE) |
| Related URL |
898 (SecurityFocus) |
| Related URL |
(ISS) |
|
