ID CVE-2000-0213 Type cve Reporter NVD Modified 2008-09-10T15:03:19
Description
The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0213", "history": [], "references": ["http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3@cybcom.net", "http://www.securityfocus.com/bid/1002", "http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=red"], "lastseen": "2016-09-03T02:35:16", "bulletinFamily": "NVD", "title": "CVE-2000-0213", "cpe": ["cpe:/a:sambar:sambar_server:4.2:beta7"], "viewCount": 0, "id": "CVE-2000-0213", "hash": "97a6fcc40f78a6162d86a15c001e145a2dc0326804df1a0237cbef61af337bd1", "description": "The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2000-0213"], "scanner": [], "modified": "2008-09-10T15:03:19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2000-02-23T00:00:00", "enchantments": {"vulnersScore": 7.5}}
{"result": {"osvdb": [{"id": "OSVDB:194", "type": "osvdb", "title": "Sambar Server hello.bat Code Execution", "description": "## Vulnerability Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when additional commands are appended to a request for the \"hello.bat\" file. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 4.3 beta 8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):\n\nRemove all .bat files from the /cgi-bin/ directory.\n## Short Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when additional commands are appended to a request for the \"hello.bat\" file. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/cgi-bin/hello.bat?&dir+c:\n\n## References:\nVendor URL: http://www.sambar.com/syshelp/security.htm\n[Related OSVDB ID: 5802](https://vulners.com/osvdb/OSVDB:5802)\n[Nessus Plugin ID:10246](https://vulners.com/search?query=pluginID:10246)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-02/0288.html\nISS X-Force ID: 3999\n[CVE-2000-0213](https://vulners.com/cve/CVE-2000-0213)\nBugtraq ID: 1002\n", "published": "2000-02-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:194", "cvelist": ["CVE-2000-0213"], "lastseen": "2017-04-28T13:19:55"}, {"id": "OSVDB:5802", "type": "osvdb", "title": "Sambar Server echo.bat Code Execution", "description": "## Vulnerability Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when additional commands are appended to a request for the \"echo.bat\" file. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 4.3 beta 8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):\n\nRemove all .bat files from the /cgi-bin/ directory.\n## Short Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when additional commands are appended to a request for the \"echo.bat\" file. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/cgi-bin/echo.bat?&dir+c:\\\n## References:\nVendor URL: http://www.sambar.com/syshelp/security.htm\n[Related OSVDB ID: 194](https://vulners.com/osvdb/OSVDB:194)\n[Nessus Plugin ID:10246](https://vulners.com/search?query=pluginID:10246)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-02/0288.html\nISS X-Force ID: 3999\n[CVE-2000-0213](https://vulners.com/cve/CVE-2000-0213)\nBugtraq ID: 1002\n", "published": "2000-02-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:5802", "cvelist": ["CVE-2000-0213"], "lastseen": "2017-04-28T13:20:00"}], "nessus": [{"id": "SAMBAR_CGI.NASL", "type": "nessus", "title": "Sambar Server Multiple Script Arbitrary Code Execution", "description": "At least one of these CGI scripts is installed :\n\n hello.bat echo.bat\n\nThey allow any attacker to execute commands with the privileges of the web server process.", "published": "2000-02-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=10246", "cvelist": ["CVE-2000-0213"], "lastseen": "2016-09-26T17:23:32"}], "exploitdb": [{"id": "EDB-ID:19761", "type": "exploitdb", "title": "Sambar Server 4.2 beta 7 Batch CGI Vulnerability", "description": "Sambar Server 4.2 beta 7 Batch CGI Vulnerability. CVE-2000-0213. Remote exploit for windows platform", "published": "2000-02-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/19761/", "cvelist": ["CVE-2000-0213"], "lastseen": "2016-02-02T12:38:53"}]}}
