Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2194 |
Message | WEB-CGI CSMailto.cgi access |
Summary | This event is generated when an attempt is made to access CSMailto.cgi on an internal web server. This may indicate an attempt to exploit an input validation vulnerability in a form mail script distributed by CGIScript.NET. |
Impact | Remote execution of arbitrary code and information disclosure. |
Detailed Information | CSMailto.cgi is a Perl script that manages multiple email forms. An attacker can use a specially crafted URL to execute shell commands on the server and/or email files from the server to a remote email address. |
Affected Systems | Any web server running CGIScript.NET CSMailto.cgi. |
Attack Scenarios | An attacker embeds shell commands in a URL sent to CSMailto.cgi on the web server. The server then executes them. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | It is unknown whether this vulnerability has been fixed. Contact the vendor, CGIScript.NET (http://www.cgiscript.net), for more information. |
Additional References | Bugtraq http://www.securityfocus.com/bid/4579 |
Rule References | bugtraq: 4579 bugtraq: 6265 cve: 2002-0749 nessus: 11748 |
--
DID:366863