Test ID:	1.3.6.1.4.1.25623.1.0.10779
Category:	Web application abuses
Title:	CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability
Summary:	The remote host seems to be vulnerable to a security problem in; CGIEmail (cgicso). The vulnerability is caused by inadequate processing of queries by CGIEmail's; cgicso and results in a command execution vulnerability.
Description:	Summary: The remote host seems to be vulnerable to a security problem in CGIEmail (cgicso). The vulnerability is caused by inadequate processing of queries by CGIEmail's cgicso and results in a command execution vulnerability. Vulnerability Impact: The server can be compromised by executing commands as the web server's running user (usually 'nobody'). Solution: Modify cgicso.h to contain a strict setting of your finger host. Example: Define the following in cgicso.h: #define CGI_CSO_HARDCODE #define CGI_CSO_FINGERHOST 'localhost' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1652 BugTraq ID: 6141 http://www.securityfocus.com/bid/6141 CERT/CC vulnerability note: VU#185251 http://www.kb.cert.org/vuls/id/185251 http://www.securiteam.com/exploits/5TP0W005FE.html http://securitytracker.com/id?1002395 XForce ISS Database: cgiemail-cgicso-get-bo(10595) https://exchange.xforce.ibmcloud.com/vulnerabilities/10595
Copyright	Copyright (C) 2001 SecurITeam & Copyright (C) 2001 Noam Rathaus

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.