Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2196 |
Message | WEB-CGI catgy.cgi access |
Summary | This event is generated when an attempt is made to access catgy.cgi on an internal web server. This may indicate an attempt to exploit a cross-site scripting vulnerability in Aktivate e-commerce software. |
Impact | Arbitrary code execution, possible session hijack. |
Detailed Information | Aktivate 1.03 is an e-commerce application for use on Linux and other UNIX-based operating systems. An attacker can craft a URL with malicious code in the "desc" command's argument that passes the commands to catgy.cgi. If a legitimate user activates the URL, malicious code may be executed on the client computer. |
Affected Systems | Systems running Aktivate 1.03. |
Attack Scenarios | An attacker may craft a URL that, when activated by a legitimate user, obtains the user's session cookie, thereby allowing the attacker to pose as the user for the duration of the session. |
Ease of Attack | Simple. A proof of concept exists. |
Corrective Action | It is not known if this vulnerability has been fixed. Contact the vendor, Allen & Keul Web Solutions (http://www.allen-keul.net) for more information. |
Additional References | http://www.securityfocus.com/bid/3714 |
Rule References | bugtraq: 3714 bugtraq: 4579 cve: 2001-1212 nessus: 11748 |
--
DID:708615
--
http://www.aanval.com/