[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PROPOSAL: Cluster 10 - CGI (31 candidates)


This Low controversy cluster contains 31 candidates, all having to do
with vulnerabilities in CGI programs.

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0066
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution

VOTE: 

=================================
Candidate: CAN-1999-0070
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server

VOTE: 

=================================
Candidate: CAN-1999-0146
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-campas

The campas CGI program provided with some NCSA web servers allows an
attacker to read arbitrary files.

VOTE: 

=================================
Candidate: CAN-1999-0147
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-glimpse

The aglimpse CGI program of the Glimpse package allows remote
execution of arbitrary commands

VOTE: 

=================================
Candidate: CAN-1999-0148
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-handler

The handler CGI program in IRIX allows arbitrary command execution.

VOTE: 

=================================
Candidate: CAN-1999-0149
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-wrap

The wrap CGI program in IRIX allows arbitrary command execution from
remote users.

VOTE: 

=================================
Candidate: CAN-1999-0172
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-exe

FormMail CGI program allows remote execution of commands.

VOTE: 

=================================
Candidate: CAN-1999-0173
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-use

FormMail CGI program can be used by web servers other than the
host server that the program resides on.

VOTE: 

=================================
Candidate: CAN-1999-0174
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

The view-source CGI program allows remote attackers to read any file on
the system that is internally accessible by the web server.

VOTE: 

=================================
Candidate: CAN-1999-0176
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-query

The Webgais program allows a remote user to execute arbitrary
commands.

VOTE: 

=================================
Candidate: CAN-1999-0177
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-uploader

The uploader program in the WebSite web server allows a remote
attacker to execute arbitrary programs.

VOTE: 

=================================
Candidate: CAN-1999-0178
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-winsample

The win-c-sample program in the WebSite web server has a buffer
overflow that allows remote execution of commands.

VOTE: 

=================================
Candidate: CAN-1999-0191
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

IIS newdsn.exe CGI script allows remote users to overwrite files.

VOTE: 

=================================
Candidate: CAN-1999-0196
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-smail

The websendmail program in the Webgais program allows a remote user to
access arbitrary files.

VOTE: 

=================================
Candidate: CAN-1999-0233
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-iis-cmd

IIS and WebSite allow users to execute arbitrary commands using
.bat or .cmd files.

VOTE: 

=================================
Candidate: CAN-1999-0236
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-scriptalias

ScriptAlias directory in NCSA and Apache httpd allowed attackers to
read CGI programs.

VOTE: 

=================================
Candidate: CAN-1999-0237
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-guestbook

Remote execution of arbitrary commands through Guestbook CGI program.

VOTE: 

=================================
Candidate: CAN-1999-0238
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-phpfileread

php.cgi allows attackers to read any file on the system.

VOTE: 

=================================
Candidate: CAN-1999-0253
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-iis-2e

IIS 3.0 allows remote intruders to read source code for ASP programs
by using a "2e" instead of a "." in the URL.

VOTE: 

=================================
Candidate: CAN-1999-0262
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

faxsurvey CGI script on Linux allows remote command execution via
shell metacharacters.

VOTE: 

=================================
Candidate: CAN-1999-0264
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

htmlscript CGI program allows remote read access to files.

VOTE: 

=================================
Candidate: CAN-1999-0268
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

MetaInfo MetaWeb web server allows users to upload and execute scripts.

VOTE: 

=================================
Candidate: CAN-1999-0269
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

Netscape Enterprise servers may list files through the PageServices query.

VOTE: 

=================================
Candidate: CAN-1999-0270
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

pfdispaly CGI program for SGI's Performer API Search Tool allows read
access to files.

VOTE: 

=================================
Candidate: CAN-1999-0271
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

Progressive Networks Real Video server (pnserver) can be crashed remotely.

VOTE: 

=================================
Candidate: CAN-1999-0278
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

In IIS, remote attackers can obtain source code for ASP files by appending
"::$DATA" to the URL.

VOTE: 

=================================
Candidate: CAN-1999-0279
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.01.excite

Excite for Web Servers (EWS) allows remote command execution via
shell metacharacters.

VOTE: 

=================================
Candidate: CAN-1999-0283
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF

The Java Web Server would allow remote users to obtain the source
code for CGI programs.

VOTE: 

=================================
Candidate: CAN-1999-0347
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan26,1999
Reference: NTBUGTRAQ:Jan28,1999

Javascript bug in Internet Explorer 4.01 by adding %01URL allows
reading local files and spoofing of web pages from other sites.

VOTE: 

=================================
Candidate: CAN-1999-0348
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999

IIS ASP caching problem releases sensitive information when two
virtual servers share the same physical directory.

VOTE: 

=================================
Candidate: CAN-1999-0360
Published: 
Final-Decision: 
Interim-Decision: 
Modified: 
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan29,1999
Reference: NTBUGTRAQ:Jan29,1999

MS Site Server 2.0 with IIS 4 can allow users to upload content,
including ASP, to the target web site, thus allowing them to
execute commands remotely.

VOTE:
Page Last Updated or Reviewed: May 22, 2007