| VID |
21128 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "/iissamples/iissamples/query.asp" CGI program is installed in the relevant web server. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). |
| Recommendation |
Delete the sample directory, /iissamples from the IIS server |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
