| VID |
21160 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "whois_raw.cgi" CGI is installed.
CDomain(http://www.cdomain.com) is a commercial CGI package that provides a Web-based gateway to the Whois service. Versions previous to 2.5, namely the Unix versions formerly distributed for free, contain a vulnerability in the whois_raw.cgi component that could allow a remote attacker to execute commands with the privileges of the server process.
To determine whether a system is running a web server with whois_raw.cgi installed as a vulnerable cgi, you can use an web browser to access the password file on the system as the following:
http://target.com/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
* References:
http://www.securityfocus.com/bid/304
http://www.iss.net/security_center/static/2251.php |
| Recommendation |
If it's not needed, remove the imagemap.exe program from the CGI-BIN directory, or Upgrade to a newer version. Only versions 2.4 and below of the whois_raw.cgi are vulnerable. Versions 2.5 and above (including the latest - 4.0) and the Windows NT version of this program are not vulnerable to this type of attack. |
| Related URL |
CVE-1999-1063 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
