| VID | 21109 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The remote web server appears to be running O'Reilly WebSite, and the '/cgi-win/uploader.exe' CGI is installed on the server. The uploader program in O'Reilly WebSite versions prior to 2.0 allows a remote attacker to execute arbitrary programs, and the program in O'Reilly WebSite Pro version 2.3.7 allows any user to upload arbitrary files to the server. |
| Recommendation | No remedy available as of June 2014. As a workaround, remove the world-readable permissions for the /cgi-win directory and other CGI directories, or delete uploader.exe. |
| Related URL | CVE-2000-0769 (CVE) |
| Related URL | 1611 (SecurityFocus) |
| Related URL | 5157 (ISS) |