| VID |
21655 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Athena Web Registration appears to be running on the host and is vulnerable to remote command execution. Athena Web Registration is an HTTP server for Microsoft Windows operating systems. Because the athenareg.php script does not properly validate user-supplied input, a remote attacker could execute arbitrary shell commands. By sending a specially crafted POST request containing shell commands in the pass parameter of the athenareg.php script, a remote attacker could execute arbitrary shell commands on the affected host with the privileges of the Web server.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=16861
* Platforms Affected: Athena Web Registration (any version); Microsoft Windows (any version) |
| Recommendation |
No upgrade or patch available as of August 2005.
Upgrade to the latest version of Athena Web server when a fixed version becomes available from the Athena Web site at http://www.sagebrushcorp.com/tech/athena.cfm
-- OR --
Use another Web server |
| Related URL |
CVE-2004-1782 (CVE) |
| Related URL |
9349 (SecurityFocus) |
| Related URL |
(ISS) |