| VID | 21208 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "dcforum" CGI is installed. DCForum, developed by DCScripts, is a CGI script used to create and administer Web-based message boards. DCForum versions 6.0 and earlier could allow a remote attacker to view arbitrary files on the server. Due to insufficient validation of user-supplied input, a remote attacker can read arbitrary files with the privileges of the http daemon (usually root or nobody). If the attacker attempts to view the source code of the dcforum.cgi script, the script deletes itself, causing a denial of service. References: http://www.iss.net/security_center/static/5533.php http://www.dcscripts.com/dcforum/dcfNews/124.html |
| Recommendation | Immediately apply the latest patch, available at: http://www.dcscripts.com/dcforum/dcfNews/124.html |
| Related URL | CVE-2000-1132 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |