| VID |
21163 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "/cgi-bin/htgrep" CGI is installed. Htgrep is a Perl utility for creating simple search engines for Web servers as CGI scripts.
Due to a vulnerability in Htgrep CGI, a remote attacker can add a header and footer file to the search input to view arbitrary files in the Web server's directory with the privileges of the http daemon (root or nobody). |
| Recommendation |
No remedy available as of June 2014. Delete the CGI. |
| Related URL |
CVE-2000-0832 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
5476 (ISS) |
|
