| VID |
21204 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "pals-cgi" CGI is installed. WebPALS is a CGI script that provides a Web interface to PALS, a shared library management system used by colleges and universities.
Anyway, All versions of WebPALS Library System could allow a remote attacker to view unauthorized files or execute arbitrary commands on the system with the privileges of the http daemon (usually root or nobody). |
| Recommendation |
No upgrade or patch available as of June 2014. Remove it from /cgi-bin. |
| Related URL |
CVE-2001-0216,CVE-2001-0217 (CVE) |
| Related URL |
2372 (SecurityFocus) |
| Related URL |
6102 (ISS) |
|
