Test ID:	10541
Category:	CGI abuses
Title:	KW whois
Summary:	Checks for the presence of /cgi-bin/whois.cgi
Description:	The KW whois cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Solution : remove it from /cgi-bin or upgrade to version 1.1 Risk factor : High
Cross-Ref:	BugTraq ID: 1883 Common Vulnerability Exposure (CVE) ID: CVE-2000-0941 Bugtraq: 20001029 Remote command execution via KW Whois 1.0 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html Bugtraq: 20001029 Re: Remote command execution via KW Whois 1.0 (addition) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html http://www.kootenayweb.bc.ca/scripts/whois.txt http://www.securityfocus.com/bid/1883 XForce ISS Database: kw-whois-meta http://xforce.iss.net/static/5438.php
Copyright	This script is Copyright (C) 2000 Renaud Deraison

This is only one of 24808 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: