| VID |
21212 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "multihtml.pl" CGI is installed. MultiHTML is a CGI script that allows Web sites to display a common HTML component on multiple Web pages, using SSI (Server Side Include) directives. When a Web page containing an SSI directive is accessed, the script inserts the predefined HTML segment into the Web page. A remote attacker can send a malformed URL containing %00 to trick the CGI script into retrieving any file off the system, regardless of the file's location or .htaccess permissions. |
| Recommendation |
No remedy available as of June 2014. Remove "multihtml.pl" from CGI-BIN. |
| Related URL |
CVE-2000-0912 (CVE) |
| Related URL |
6711 (SecurityFocus) |
| Related URL |
5285 (ISS) |
|
