Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1241

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1241
Last Modified 10 Sep 2008 03:10:01
Published 17 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1241

Summary

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

Vulnerable Systems

Application

  • Steve Grimm Un-cgi 1.0

  • Steve Grimm Un-cgi 1.1

  • Steve Grimm Un-cgi 1.2

  • Steve Grimm Un-cgi 1.3

  • Steve Grimm Un-cgi 1.4

  • Steve Grimm Un-cgi 1.5

  • Steve Grimm Un-cgi 1.6

  • Steve Grimm Un-cgi 1.6.1

  • Steve Grimm Un-cgi 1.6.2

  • Steve Grimm Un-cgi 1.7

  • Steve Grimm Un-cgi 1.8

  • Steve Grimm Un-cgi 1.9


References

XF - uncgi-unexecutable-cgi(6847)

CONFIRM - http://www.midwinter.com/~koreth/uncgi.html

CONFIRM - http://www.midwinter.com/~koreth/uncgi-changes.html

BUGTRAQ - 20010717 multiple vulnerabilities in un-cgi

BID - 3057

BUGTRAQ - 20010718 Re: [Khamba Staring ] multiple


Last Updated: 27 May 2016 10:36:35