Common Gateway Interface (CGI) Access

Impact

Many Web servers support dynamic page generation through CGI, related scripting, and remote program execution. Several of these scripts/programs present vulnerabilities to the Web server to include: The table below provides a list of the vulnerabilities which SARA attempts to identify where the columns are:

| Exploit | CVE | Characteristic | Reference |
|---|---|---|---|
| webdist | 1999-0039 | Execute commands on IRIX Web Server | http://www.securityfocus.com/bid/374 |
| phf | 1999-0067 | Execute commands on Web Server | http://www.securityfocus.com/bid/629 |
| htmlscript | 1999-0264 | Access files on Web Server | http://xforce.iss.net/static/1466.php |
| php | 1999-0058 | View files on Web Server | http://www.securityfocus.com/bid/911 |
| counter | 1999-0021 | Execute commands on Web Server | http://www.securityfocus.com/bid128 |
| jj | 1999-0260 | View files on Web Server | http://xforce.iss.net/static/1808.php |
| pfdispaly | 1999-0270 | Access files on Web Server | http://www.securityfocus.com/bid/64 |
| faxsurvey | 1999-0262 | Execute commands on Web Server | http://xforce.iss.net/static/1532.php |
| view_source | 1999-0174 | View files on Web Server | http://www.securityfocus.com/bid/303 |
| htsearch | 2000-0208 | View files on Web Server | http://www.securityfocus.com/bid/1026 |
| FrontPage | | Access to files on Web Server | http://xforce.iss.net/static/3682.php |
| rds | | Execute commands on IIS Server | http://xforce.iss.net/static/1212.php |
| ezshopper | | Execute commands on Web Server | http://xforce.iss.net/static/4044.php |
| mylog | 1999-0068 | View files on Web Server | http://xforce.iss.net/static/1468.php |
| mlog | 1999-0346 | View files on Web Server | http://xforce.iss.net/static/1505.php |
| jetadmin | | View files on Web Server | http://xforce.iss.net/static/4525.php |
| big brother | | View files on Web Server | http://xforce.iss.net/static/4879.php |
| source.asp | | Write files on Apache Servers | http://xforce.iss.net/static/4931.php |
| pollit cgi | | View files on Web Server | http://xforce.iss.net/static/4878.php |
| PUT Request | | Write files on Web Server | Check Permissions for / and /cgi-bin |
| PHP | | Execute commands on Web Server | http://www.securityfocus.com/bid/1786 |
| Web Shopper | | Read files on Web Server | http://www.securityfocus.com/bid/1776 |
| Shopping Cart | | Read files on Web Server | http://www.securityfocus.com/bid/1777 |
| Netauth CGI | | dot-dot directory traversal | http://www.securityfocus.com/bid/1587 |
| calendar.pl | | Execute files on server | http://www.securityfocus.com/bid/1215 |
| (command execution) | | Execute commands on IIS server | http://www.securityfocus.com/bid/1806, www.nsfocus.com/english/homepage/sa01-02.htm |
| Bugzilla | | Execute commands on Bugzilla server | http://www.securityfocus.com/bid/2671 |

Resolution

Resolution of the exploit(s) is provided in the Reference column of the table.

CVE Reference(s):