Vulnerability   
Search   
    Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10016
Category:CGI abuses
Title:AN-HTTPd tests CGIs
Summary:NOSUMMARY
Description:Description:

At least one of these CGIs is installed on the remote server :

cgi-bin/test.bat
cgi-bin/input.bat
cgi-bin/input2.bat
ssi/envout.bat

It is possible to misuse them to make the remote server

execute arbitrary commands.
For instance :
http://www.xxx.yy/cgi-bin/input.bat? pipe symbol dir..\..\windows
would show a complete directory listing of the remote system's
private 'C:\windows\' directory.

Solution : Upgrade to the latest version of AN-HTTPd
(http://www.st.rim.or.jp/~
nakata/), or contact your vendor
for a patch, or consider changing your HTTP server software.


Risk factor : High

Cross-Ref: BugTraq ID: 762
Common Vulnerability Exposure (CVE) ID: CVE-1999-0947
http://www.securityfocus.com/bid/762
Bugtraq: 19991102 Some holes for Win/UNIX softwares (Google Search)
http://marc.info/?l=bugtraq&m=94157187815629&w=2
CopyrightThis script is Copyright (C) 1999 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2025 E-Soft Inc. All rights reserved.