| Field | Value |
| --- | --- |
| VID | 21217 |
| Severity | 30 |
| Port | 80 |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "YaBB.pl" CGI is installed. YaBB is an open source Bulletin Board system for Web sites. YaBB version 9.1.2000 could allow a remote attacker to obtain access to any file on the system, due to a vulnerability in the way the Display.pl script handles the opening of files without any security checks. References: http://www.iss.net/security_center/static/5254.php, http://www.yabb.org/downloads.php |
| Recommendation | Remove "YaBB.pl" from /cgi-bin, or upgrade to the latest version of YaBB (9.11.2000 or later), available from the YaBB Web site. See References. |
| Related URL | CVE-2000-0853 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |