| VID |
21149 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
"/ssi/envout.bat"CGI is installed in the web server. This CGI can execute arbitrary commands by remote using Shell metacharacter in the AN-HTTPd web server example CGI script.
For example, you can execute the dir command like this,
http://www.xxx.yy/cgi-bin/input.bat?£üdir..£Ü..£Üwindows
¡Ø BUGTRAQ:19991102 Some holes for Win/UNIX softwares |
| Recommendation |
Download a version 1.21 from "http://www.st.rim.or.jp/~nakata/" and install it |
| Related URL |
CVE-1999-0947 (CVE) |
| Related URL |
762 (SecurityFocus) |
| Related URL |
(ISS) |
|
