Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1874

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-1874
Last Modified 05 Sep 2008 04:31:44
Published 31 Dec 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1874

Summary

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.

Vulnerable Systems

Application

  • Astrocam 0.9-1-1

  • Astrocam 0.9-5-1

  • Astrocam 0.9-7-3

  • Astrocam 1.0.1

  • Astrocam 1.4


References

BID - 6105

XF - astrocam-cgi-command-execution(10538)

SECTRACK - 1005523

CONFIRM - http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup


Last Updated: 27 May 2016 10:37:31