| VID | 21107 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The remote web server appears to be running O'Reilly WebSite, and the '/cgi-dos/args.bat' CGI is installed on the server. The args.bat program included with O'Reilly WebSite versions prior to 2.0 allows a remote attacker to execute arbitrary commands on the server with the privileges of the httpd daemon. The exploit takes the form: http://website.host/cgi-dos/args.bat?"&any+dos+command" |
| Recommendation | Remove the sample programs, including the '/cgi-dos/args.bat' file, from the CGI directories and upgrade to the latest version of WebSite. |
| Related URL | CVE-1999-1180 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |