| VID | 21734 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The man2web program is vulnerable to command execution in multiple scripts. man2web is a program for dynamically converting Unix man pages to HTML on Unix-based operating systems. man2web version 0.88 and earlier versions could allow a remote attacker to execute arbitrary system commands because user-supplied input passed to multiple scripts is improperly validated. By sending specially crafted HTTP GET requests containing arbitrary system commands to these scripts, a remote attacker could execute arbitrary shell commands on the system with the privileges of the Web server process. Platforms Affected: SourceForge project man2web version 0.88 and earlier versions; Linux, any version; Unix, any version. |
| Recommendation | No upgrade or patch available as of June 2014. Upgrade to a version of man2web greater than 0.88 when a fixed version becomes available from the SourceForge.net Web site at http://man2web.sourceforge.net/ |
| Related URL | CVE-2005-2812 (CVE) |
| Related URL | 14747 (SecurityFocus) |
| Related URL | 22256 (ISS) |