| VID |
21602 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The WebAPP software is vulnerable to remote command execution in the apage.cgi script. WebAPP is a freely available, open source Web portal system written in Perl for Unix operating systems. WebAPP version 0.9.9.2.1 and earlier versions could allow a remote attacker to execute arbitrary commands on the system, caused by improper filtering of user-supplied input in the 'f' parameter of the apage.cgi script. By sending a specially crafted request containing commands with '|' characters in the 'f' parameter of the apage.cgi script, a remote attacker could execute arbitrary commands on the system with the privileges of the Web server.
* References: http://www.frsirt.com/english/advisories/2005/0554
* Platforms Affected: WebAPP version 0.9.9.2.1 and earlier versions; Unix, any version |
| Recommendation |
No upgrade or patch available as of May 2005.
Upgrade to the latest version of WebAPP (later than 0.9.9.2.1) or apply the appropriate patch when a new version or patch that fixes this problem becomes available from the WebAPP Download Web page at http://www.web-app.org/cgi-bin/index.cgi?action=downloads |
| Related URL |
CVE-2005-1628 (CVE) |
| Related URL |
13637 (SecurityFocus) |
| Related URL |
(ISS) |
|
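Because no patch was available when this entry was written, reviewing web server logs for the request pattern described above is one practical check. The following is an added example, not part of the original advisory or of WebAPP: it assumes Common/Combined Log Format access logs, and the sample log lines, the `COMMAND` placeholder and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2005:10:01:02 +0000] "GET /cgi-bin/apage.cgi?f=about.htm HTTP/1.0" 200 5120',
    '198.51.100.7 - - [12/May/2005:10:03:44 +0000] "GET /cgi-bin/apage.cgi?f=about.htm%7CCOMMAND%7C HTTP/1.0" 200 312',
    '198.51.100.7 - - [12/May/2005:10:03:51 +0000] "GET /cgi-bin/apage.cgi?x=1;f=%257CCOMMAND%257C HTTP/1.0" 200 298',
    '192.0.2.10 - - [12/May/2005:10:05:00 +0000] "GET /cgi-bin/index.cgi?action=downloads%7C HTTP/1.0" 200 900',
]

# Client address and request target of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %257C -> %7C -> |)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_f_values(log_lines):
    """Return (client, decoded 'f' value) for apage.cgi requests whose 'f' contains '|'."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if "/apage.cgi" not in unquote(url.path).lower():
            continue
        # Assumption: treat ';' as a parameter separator too, as some CGI parsers do.
        query = url.query.replace(";", "&")
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(value)
            if name == "f" and "|" in value:
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_f_values(SAMPLE_LOG):
        print(f"{client} sent f={value!r} to apage.cgi")
```

Access logs normally record only the query string, so a request that carries 'f' in a POST body will not appear in this output and needs request-body logging or a filtering proxy to be seen.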