| VID |
21152 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "netauth.cgi" CGI is installed. Netwin Netauth is a Web-based email management tool.
Netwin Netauth versions 4.2 and earlier could allow an attacker to read arbitrary files with the privileges of the http daemon (usually root or nobody) by using "dot dot" (/../) sequences. |
| Recommendation |
Upgrade to the latest version of Netwin Netauth (4.2f or later), available from the Netwin Web site, http://netwinsite.com/netauth/ |
| Related URL |
CVE-2000-0782 (CVE) |
| Related URL |
1587 (SecurityFocus) |
| Related URL |
5090 (ISS) |
|
