| VID | 21108 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The remote web server appears to be running O'Reilly WebSite, and the '/cgi-shl/win-c-sample.exe' CGI is installed on the server. The win-c-sample.exe program included with O'Reilly WebSite versions prior to 2.0 contains a buffer overflow that could allow a remote attacker to execute arbitrary commands on the server. The commands will be executed with the privileges of the user owning the server process. |
| References | http://www.iss.net/security_center/static/295.php, http://website.oreilly.com/ |
| Recommendation | Remove the sample program, including the '/cgi-shl/win-c-sample.exe' file, from the CGI directories and upgrade to the latest version of WebSite. |
| Related URL | CVE-1999-0178 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |