| VID |
21147 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
There are two major security holes in the Search`97 Information Server by Verity.
The first one is a simple CGI hack in the search97 CGI script that allows anybody with permission to execute the s97_cgi CGI script to look at files on the webserver. This affects all versions up to and including 3.1.
The second security problem with the tasmgr application contains a vulnerability that allows unauthenticated users to control agent processes. |
| Recommendation |
Disable access to the offending programs and block unauthorized hosts from connecting to the DCM server port (TCP 1972), and obtain the patches from Verity as soon as possible. |
| Related URL |
(CVE) |
| Related URL |
162 (SecurityFocus) |
| Related URL |
1628 (ISS) |
|
