ID CVE-2000-0423
Type cve
Reporter NVD
Modified 2016-10-17T22:07:00
Description
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
{"id": "CVE-2000-0423", "bulletinFamily": "NVD", "title": "CVE-2000-0423", "description": "Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.", "published": "2000-05-05T00:00:00", "modified": "2016-10-17T22:07:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0423", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/1172", "http://marc.info/?l=bugtraq&m=95764950403250&w=2"], "cvelist": ["CVE-2000-0423"], "type": "cve", "lastseen": "2017-04-18T15:49:23", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:netwin:dnews:5.3"], "cvelist": ["CVE-2000-0423"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.", "edition": 1, "hash": "57c2aaf7698a49e11d33793a0cbcb1a3e51fb1c3c0a19ca837798a67efb3ddc1", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e6b27b46a37a5fc27a7b67eaf51354f2", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "c2ef508d579a0bbcf5914387169665e5", "key": "description"}, {"hash": "cfbc2b2f840c2a5b9296caed2986874d", "key": "cvelist"}, {"hash": "756029500f7b5b094c1e4e9b13539d31", "key": "references"}, {"hash": "2dd67a01786e29aa688d954b0051a0a0", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6138bdc3f0594c60cd38ba0b4d273035", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "eb09104ec484070d1f2b419d5ce9e93b", "key": "published"}, {"hash": "1b5fd7342f262d0d69c065a699985d4f", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0423", "id": "CVE-2000-0423", "lastseen": "2016-09-03T02:38:50", "modified": "2008-09-10T15:04:37", "objectVersion": "1.2", "published": "2000-05-05T00:00:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=95764950403250&w=2", "http://www.securityfocus.com/bid/1172"], "reporter": "NVD", "scanner": [], "title": "CVE-2000-0423", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T02:38:50"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e6b27b46a37a5fc27a7b67eaf51354f2"}, {"key": "cvelist", "hash": "cfbc2b2f840c2a5b9296caed2986874d"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "c2ef508d579a0bbcf5914387169665e5"}, {"key": "href", "hash": "2dd67a01786e29aa688d954b0051a0a0"}, {"key": "modified", "hash": "54a87c88a35a1884e2e912dbea82fd51"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "eb09104ec484070d1f2b419d5ce9e93b"}, {"key": "references", "hash": "22047ba76df16909c3bcaa473c025e47"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1b5fd7342f262d0d69c065a699985d4f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1464742b7d766cc1481cfeec681a79d23c10fd10c4bc1050fcea75ce5d55190e", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:netwin:dnews:5.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-04-18T15:49:23"}, "vulnersScore": 7.5}}
{"result": {"exploitdb": [{"lastseen": "2016-02-02T12:59:42", "osvdbidlist": ["13683"], "references": [], "description": "NetWin DNews 5.3 Server Buffer Overflow Vulnerability. CVE-2000-0423. Remote exploit for windows platform", "edition": 1, "reporter": "Joey__", "published": "2000-03-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "NetWin DNews 5.3 Server Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2000-0423"], "modified": "2000-03-01T00:00:00", "id": "EDB-ID:19895", "href": "https://www.exploit-db.com/exploits/19895/", "sourceData": "source: http://www.securityfocus.com/bid/1172/info\r\n\r\nDNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the \"group\", \"cmd\" and \"utag\" variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19895.zip", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/19895/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:09", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://www.atstake.com/research/advisories/2000/advdnw.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-05/0070.html\nISS X-Force ID: 4421\n[CVE-2000-0423](https://vulners.com/cve/CVE-2000-0423)\nBugtraq ID: 1172\n", "reporter": "OSVDB", "published": "2000-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Netwin DNews News Server DNEWSWEB QUERY_STRING Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2000-0423"], "modified": "2000-05-05T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:13683", "id": "OSVDB:13683", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-06-15T13:44:45", "references": [], "pluginID": "11748", "description": "It is possible that the remote web server contains one or more dangerous CGI scripts. \n\nNote that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities.", "edition": 5, "reporter": "Tenable", "published": "2003-06-17T00:00:00", "title": "Multiple Dangerous CGI Script Detection", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0923", "CVE-2002-0955", "CVE-2001-0022", "CVE-2001-0135", "CVE-2000-0423", "CVE-2001-0180", "CVE-2001-0100", "CVE-2001-0023", "CVE-2001-1343", "CVE-2002-0750", "CVE-2000-1023", "CVE-2001-0099", "CVE-2000-0288", "CVE-2003-0153", "CVE-1999-1377", "CVE-1999-1374", "CVE-1999-0935", "CVE-2001-1212", "CVE-2001-1196", "CVE-1999-0937", "CVE-2001-0420", "CVE-2000-0526", "CVE-2001-0123", "CVE-2001-0133", "CVE-2001-1205", "CVE-2000-1131", "CVE-2002-1526", "CVE-2001-1283", "CVE-2002-0749", "CVE-2000-0977", "CVE-1999-1072", "CVE-2002-1334", "CVE-2002-1334", "CVE-2002-0346", "CVE-2002-0203", "CVE-2000-0952", "CVE-2000-1132", "CVE-1999-0934", "CVE-2001-1100", "CVE-2002-0611", "CVE-2002-0752", "CVE-2002-0263", "CVE-2002-0710", "CVE-2001-0562", "CVE-2002-0917", "CVE-2002-0751", "CVE-2002-0230", "CVE-2001-0076"], "modified": "2018-06-14T00:00:00", "cpe": [], "id": "DANGEROUS_CGIS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=11748", "sourceData": "#\n# This script was written by John Lampe...j_lampe@bellsouth.net \n# Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# See the Nessus Scripts License for details\n\n# Changes by Tenable:\n# - Revised plugin title, moved CVE from header comment to CVE (4/9/2009)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11748);\n script_version (\"1.36\");\n\n script_cve_id(\n \"CVE-1999-0934\",\n \"CVE-1999-0935\",\n \"CVE-1999-0937\",\n \"CVE-1999-1072\",\n \"CVE-1999-1374\",\n \"CVE-1999-1377\",\n \"CVE-2000-0288\",\n \"CVE-2000-0423\",\n \"CVE-2000-0526\",\n \"CVE-2000-0923\",\n \"CVE-2000-0952\",\n \"CVE-2000-0977\",\n \"CVE-2000-1023\",\n \"CVE-2000-1131\",\n \"CVE-2000-1132\",\n \"CVE-2001-0022\",\n \"CVE-2001-0023\",\n \"CVE-2001-0076\",\n \"CVE-2001-0099\",\n \"CVE-2001-0100\",\n \"CVE-2001-0123\",\n \"CVE-2001-0133\",\n \"CVE-2001-0135\",\n \"CVE-2001-0180\",\n \"CVE-2001-0420\",\n \"CVE-2001-0562\",\n \"CVE-2001-1100\",\n \"CVE-2001-1196\",\n \"CVE-2001-1205\",\n \"CVE-2001-1212\",\n \"CVE-2001-1283\",\n \"CVE-2001-1343\",\n \"CVE-2002-0203\",\n \"CVE-2002-0230\",\n \"CVE-2002-0263\",\n \"CVE-2002-0346\",\n \"CVE-2002-0611\",\n \"CVE-2002-0710\",\n \"CVE-2002-0749\",\n \"CVE-2002-0750\",\n \"CVE-2002-0751\",\n \"CVE-2002-0752\",\n \"CVE-2002-0917\",\n \"CVE-2002-0955\",\n \"CVE-2002-1334\",\n \"CVE-2002-1334\",\n \"CVE-2002-1526\",\n \"CVE-2003-0153\"\n );\n script_bugtraq_id(\n 1784,\n 2177,\n 2197,\n 4211,\n 4579,\n 5078,\n 6265\n );\n \n script_name(english:\"Multiple Dangerous CGI Script Detection\");\n script_summary(english:\"Checks for dangerous cgi scripts\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may contain some dangerous CGI scripts.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"It is possible that the remote web server contains one or more\ndangerous CGI scripts. \n\nNote that this plugin does not actually test for the underlying flaws\nbut instead only searches for scripts with the same name as those with\nknown vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Visit http://cve.mitre.org/ and check the associated CVE entry for\neach script found. If you are running a vulnerable version, then\ndelete or upgrade the script.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:ND/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/06/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/01/07\");\n script_cvs_date(\"Date: 2018/06/14 12:21:47\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_ATTACK); \n \n script_copyright(english:\"This script is Copyright (C) 2003-2018 John Lampe\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"Settings/ThoroughTests\", \"Settings/ParanoidReport\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"global_settings.inc\");\n\nif ( report_paranoia < 2 || ! thorough_tests )\n exit(0, \"This plugin is slow and prone to FP: it will only run in 'paranoid' mode and if the 'Perform thorough tests' setting enabled.\");\n\nport = get_http_port(default:80);\nif ( get_kb_item(\"www/no404/\" + port ) || ! port) exit(0);\n\nif(!get_port_state(port))exit(0);\ncgi[0] = \"AT-admin.cgi\"; cve[0] = \"CVE-1999-1072\";\ncgi[1] = \"CSMailto.cgi\"; cve[1] = \"CVE-2002-0749\"; # and CVE-2002-0750, CVE-2002-0751, and CVE-2002-0752\ncgi[2] = \"UltraBoard.cgi\"; cve[2] = \"CVE-2001-0135\";\ncgi[3] = \"UltraBoard.pl\"; cve[3] = cve[2];\ncgi[4] = \"YaBB.cgi\"; cve[4] = \"CVE-2002-0955\";\ncgi[5] = \"a1disp4.cgi\"; cve[5] = \"CVE-2001-0562\";\ncgi[6] = \"alert.cgi\"; cve[6] = \"CVE-2002-0346\";\ncgi[7] = \"authenticate.cgi\"; cve[7] = \"CVE-2000-0923\";\ncgi[8] = \"bbs_forum.cgi\"; cve[8] = \"CVE-2001-0123\";\ncgi[9] = \"bnbform.cgi\"; cve[9] = \"CVE-1999-0937\";\ncgi[10] = \"bsguest.cgi\"; cve[10] = \"CVE-2001-0099\";\ncgi[11] = \"bslist.cgi\"; cve[11] = \"CVE-2001-0100\";\ncgi[12] = \"catgy.cgi\"; cve[12] = \"CVE-2001-1212\";\ncgi[13] = \"cgforum.cgi\"; cve[13] = \"CVE-2000-1132\";\ncgi[14] = \"classifieds.cgi\"; cve[14] = \"CVE-1999-0934\";\ncgi[15] = \"csPassword.cgi\"; cve[15] = \"CVE-2002-0917\";\ncgi[16] = \"cvsview2.cgi\" ; cve[16] = \"CVE-2003-0153\"; \ncgi[17] = \"cvslog.cgi\"; cve[17] = cve[16];\ncgi[18] = \"multidiff.cgi\"; cve[18] = \"CVE-2003-0153\";\ncgi[19]\t= \"dnewsweb.cgi\"; cve[19] = \"CVE-2000-0423\";\ncgi[20] = \"download.cgi\"; cve[20] = \"CVE-1999-1377\";\ncgi[21] = \"edit_action.cgi\"; cve[21] = \"CVE-2001-1196\";\ncgi[22] = \"emumail.cgi\"; cve[22] = \"CVE-2002-1526\";\ncgi[23] = \"everythingform.cgi\"; cve[23] = \"CVE-2001-0023\";\ncgi[24] = \"ezadmin.cgi\"; cve[24] = \"CVE-2002-0263\";\ncgi[25] = \"ezboard.cgi\"; cve[25] = \"CVE-2002-0263\";\ncgi[26] = \"ezman.cgi\"; cve[26] = cve[25];\ncgi[27] = \"ezadmin.cgi\"; cve[27] = cve[25];\ncgi[28] = \"FileSeek.cgi\"; cve[28] = \"CVE-2002-0611\";\ncgi[29] = \"fom.cgi\"; cve[29] = \"CVE-2002-0230\";\ncgi[30] = \"gbook.cgi\";\t cve[30] = \"CVE-2000-1131\";\ncgi[31] = \"getdoc.cgi\";\t cve[31] = \"CVE-2000-0288\";\ncgi[32] = \"global.cgi\";\t cve[32] = \"CVE-2000-0952\";\ncgi[33] = \"guestserver.cgi\"; cve[33] = \"CVE-2001-0180\";\ncgi[34] = \"imageFolio.cgi\"; cve[34] = \"CVE-2002-1334\";\ncgi[35] = \"lastlines.cgi\"; cve[35] = \"CVE-2001-1205\";\ncgi[36] = \"mailfile.cgi\"; cve[36] = \"CVE-2000-0977\";\ncgi[37] = \"mailview.cgi\"; cve[37] = \"CVE-2000-0526\";\ncgi[38] = \"sendmessage.cgi\"; cve[38] = \"CVE-2001-1100\";\ncgi[39] = \"nsManager.cgi\"; cve[39] = \"CVE-2000-1023\";\ncgi[40] = \"perlshop.cgi\"; cve[40] = \"CVE-1999-1374\";\ncgi[41] = \"readmail.cgi\"; cve[41] = \"CVE-2001-1283\";\ncgi[42] = \"printmail.cgi\"; cve[42] = cve[41];\ncgi[43] = \"register.cgi\"; cve[43] = \"CVE-2001-0076\";\ncgi[44] = \"sendform.cgi\"; cve[44] = \"CVE-2002-0710\";\ncgi[45] = \"sendmessage.cgi\"; cve[45] = \"CVE-2001-1100\";\ncgi[46] = \"service.cgi\"; cve[46] = \"CVE-2002-0346\";\ncgi[47] = \"setpasswd.cgi\"; cve[47] = \"CVE-2001-0133\";\ncgi[48] = \"simplestmail.cgi\"; cve[48] = \"CVE-2001-0022\";\ncgi[49] = \"simplestguest.cgi\"; cve[49] = cve[48];\ncgi[50] = \"talkback.cgi\"; cve[50] = \"CVE-2001-0420\";\ncgi[51] = \"ttawebtop.cgi\"; cve[51] = \"CVE-2002-0203\";\ncgi[52] = \"ws_mail.cgi\"; cve[52] = \"CVE-2001-1343\";\ncgi[53] = \"survey.cgi\"; cve[53] = \"CVE-1999-0936\";\ncgi[54] = \"rxgoogle.cgi\"; cve[54] = \"CVE-2004-0251\";\ncgi[55] = \"ShellExample.cgi\"; cve[55] = \"CVE-2004-0696\";\ncgi[56] = \"Web_Store.cgi\"; cve[56] = \"CVE-2004-0734\";\ncgi[57] = \"csFAQ.cgi\"; cve[57] = \"CVE-2004-0665\";\n\nflag = 0;\ndirectory = \"\";\n\nmymsg = string(\"\\n\", \"The following dangerous CGI scripts were found :\", \"\\n\\n\");\n\nfor (i = 0 ; cgi[i]; i = i + 1) {\n\tforeach dir (cgi_dirs()) {\n \t\tif(is_cgi_installed_ka(item:string(dir, \"/\", cgi[i]), port:port)) {\n \t\t\tflag = 1;\n\t\t\tmymsg = mymsg + string(\" - \", dir, \"/\", cgi[i], \" (\", cve[i], \")\\n\");\n \t\t} \n\t}\n} \n\n\nif (flag) {\n security_hole(port:port, extra:mymsg); \n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:05", "references": [], "pluginID": "136141256231011748", "description": "Some of the following dangerous CGIs were found.\n\n By default this script only checks for this CGIs within the /cgi-bin directory. You can change\n this behavior with the script preference to check all detected CGI directories.", "edition": 1, "reporter": "This script is Copyright (C) 2003 John Lampe", "published": "2005-11-03T00:00:00", "title": "Various dangerous cgi scripts", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0923", "CVE-2002-0955", "CVE-2001-0022", "CVE-2001-0135", "CVE-2000-0423", "CVE-2001-0180", "CVE-2001-0100", "CVE-2001-0023", "CVE-2001-1343", "CVE-2000-1023", "CVE-2001-0099", "CVE-2000-0288", "CVE-2003-0153", "CVE-1999-1377", "CVE-2004-0734", "CVE-1999-1374", "CVE-2004-0251", "CVE-1999-0935", "CVE-2001-1212", "CVE-2001-1196", "CVE-1999-0936", "CVE-1999-0937", "CVE-2001-0420", "CVE-2000-0526", "CVE-2001-0123", "CVE-2004-0665", "CVE-2001-0133", "CVE-2001-1205", "CVE-2000-1131", "CVE-2002-1526", "CVE-2001-1283", "CVE-2002-0749", "CVE-2000-0977", "CVE-1999-1072", "CVE-2002-1334", "CVE-2002-0346", "CVE-2002-0203", "CVE-2000-0952", "CVE-2000-1132", "CVE-1999-0934", "CVE-2001-1100", "CVE-2002-0611", "CVE-2002-0263", "CVE-2002-0710", "CVE-2001-0562", "CVE-2002-0917", "CVE-2002-0230", "CVE-2004-0696", "CVE-2001-0076"], "modified": "2017-02-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011748", "id": "OPENVAS:136141256231011748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: dangerous_cgis.nasl 5273 2017-02-12 13:11:18Z cfi $\n#\n# Various dangerous cgi scripts\n#\n# Authors:\n# John Lampe <j_lampe@bellsouth.net>\n# Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2003 John Lampe\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Also covers :\n# \"CVE-1999-1374\",\"CVE-2001-1283\",\"CVE-2001-0076\",\"CVE-2002-0710\",\"CVE-2001-1100\",\"CVE-2002-0346\",\"CVE-2001-0133\",\"CVE-2001-0022\",\"CVE-2001-0420\",\"CVE-2002-0203\",\"CVE-2001-1343\"\n# \"CVE-2002-0917\",\"CVE-2003-0153\",\"CVE-2003-0153\",\"CVE-2000-0423\",\"CVE-1999-1377\",\"CVE-2001-1196\",\"CVE-2002-1526\",\"CVE-2001-0023\",\"CVE-2002-0263\",\"CVE-2002-0263\",\"CVE-2002-0611\",\n# \"CVE-2002-0230\",\"CVE-2000-1131\",\"CVE-2000-0288\",\"CVE-2000-0952\",\"CVE-2001-0180\",\"CVE-2002-1334\",\"CVE-2001-1205\",\"CVE-2000-0977\",\"CVE-2000-0526\",\"CVE-2001-1100\",\"CVE-2000-1023\"\n# ,\"CVE-1999-0937\",\"CVE-2001-0099\",\"CVE-2001-0100\",\"CVE-2001-1212\",\"CVE-2000-1132\",\"CVE-1999-0934\",\"CVE-1999-0935\"\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11748\");\n script_version(\"$Revision: 5273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-12 14:11:18 +0100 (Sun, 12 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(1784, 2177, 2197, 2705, 4211, 4579, 5078);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-1072\",\"CVE-2002-0749\",\"CVE-2001-0135\",\"CVE-2002-0955\",\"CVE-2001-0562\",\n \"CVE-2002-0346\",\"CVE-2000-0923\",\"CVE-2001-0123\");\n script_name(\"Various dangerous cgi scripts\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2003 John Lampe\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_add_preference(name:\"Check all detected CGI directories:\", type:\"checkbox\", value:\"no\");\n\n tag_summary = \"Some of the following dangerous CGIs were found.\n\n By default this script only checks for this CGIs within the /cgi-bin directory. You can change\n this behavior with the script preference to check all detected CGI directories.\";\n\n tag_solution = \"Please take the time to visit http://cve.mitre.org and check the\n associated CVE ID for each cgi found. If you are running a vulnerable\n version, then delete or upgrade the CGI.\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\ncgi[0] = \"AT-admin.cgi\"; cve[0] = \"CVE-1999-1072\";\ncgi[1] = \"CSMailto.cgi\"; cve[1] = \"CVE-2002-0749\";\ncgi[2] = \"UltraBoard.cgi\"; cve[2] = \"CVE-2001-0135\";\ncgi[3] = \"UltraBoard.pl\"; cve[3] = cve[2];\ncgi[4] = \"YaBB.cgi\"; cve[4] = \"CVE-2002-0955\";\ncgi[5] = \"a1disp4.cgi\"; cve[5] = \"CVE-2001-0562\";\ncgi[6] = \"alert.cgi\"; cve[6] = \"CVE-2002-0346\";\ncgi[7] = \"authenticate.cgi\"; cve[7] = \"CVE-2000-0923\";\ncgi[8] = \"bbs_forum.cgi\"; cve[8] = \"CVE-2001-0123\";\ncgi[9] = \"bnbform.cgi\"; cve[9] = \"CVE-1999-0937\";\ncgi[10] = \"bsguest.cgi\"; cve[10] = \"CVE-2001-0099\";\ncgi[11] = \"bslist.cgi\"; cve[11] = \"CVE-2001-0100\";\ncgi[12] = \"catgy.cgi\"; cve[12] = \"CVE-2001-1212\";\ncgi[13] = \"cgforum.cgi\"; cve[13] = \"CVE-2000-1132\";\ncgi[14] = \"classifieds.cgi\"; cve[14] = \"CVE-1999-0934\";\ncgi[15] = \"csPassword.cgi\"; cve[15] = \"CVE-2002-0917\";\ncgi[16] = \"cvsview2.cgi\" ; cve[16] = \"CVE-2003-0153\";\ncgi[17] = \"cvslog.cgi\"; cve[17] = cve[16];\ncgi[18] = \"multidiff.cgi\"; cve[18] = \"CVE-2003-0153\";\ncgi[19] = \"dnewsweb.cgi\"; cve[19] = \"CVE-2000-0423\";\ncgi[20] = \"download.cgi\"; cve[20] = \"CVE-1999-1377\";\ncgi[21] = \"edit_action.cgi\"; cve[21] = \"CVE-2001-1196\";\ncgi[22] = \"emumail.cgi\"; cve[22] = \"CVE-2002-1526\";\ncgi[23] = \"everythingform.cgi\"; cve[23] = \"CVE-2001-0023\";\ncgi[24] = \"ezadmin.cgi\"; cve[24] = \"CVE-2002-0263\";\ncgi[25] = \"ezboard.cgi\"; cve[25] = \"CVE-2002-0263\";\ncgi[26] = \"ezman.cgi\"; cve[26] = cve[25];\ncgi[27] = \"ezadmin.cgi\"; cve[27] = cve[25];\ncgi[28] = \"FileSeek.cgi\"; cve[28] = \"CVE-2002-0611\";\ncgi[29] = \"fom.cgi\"; cve[29] = \"CVE-2002-0230\";\ncgi[30] = \"gbook.cgi\"; cve[30] = \"CVE-2000-1131\";\ncgi[31] = \"getdoc.cgi\"; cve[31] = \"CVE-2000-0288\";\ncgi[32] = \"global.cgi\"; cve[32] = \"CVE-2000-0952\";\ncgi[33] = \"guestserver.cgi\"; cve[33] = \"CVE-2001-0180\";\ncgi[34] = \"imageFolio.cgi\"; cve[34] = \"CVE-2002-1334\";\ncgi[35] = \"lastlines.cgi\"; cve[35] = \"CVE-2001-1205\";\ncgi[36] = \"mailfile.cgi\"; cve[36] = \"CVE-2000-0977\";\ncgi[37] = \"mailview.cgi\"; cve[37] = \"CVE-2000-0526\";\ncgi[38] = \"sendmessage.cgi\"; cve[38] = \"CVE-2001-1100\";\ncgi[39] = \"nsManager.cgi\"; cve[39] = \"CVE-2000-1023\";\ncgi[40] = \"perlshop.cgi\"; cve[40] = \"CVE-1999-1374\";\ncgi[41] = \"readmail.cgi\"; cve[41] = \"CVE-2001-1283\";\ncgi[42] = \"printmail.cgi\"; cve[42] = cve[41];\ncgi[43] = \"register.cgi\"; cve[43] = \"CVE-2001-0076\";\ncgi[44] = \"sendform.cgi\"; cve[44] = \"CVE-2002-0710\";\ncgi[45] = \"sendmessage.cgi\"; cve[45] = \"CVE-2001-1100\";\ncgi[46] = \"service.cgi\"; cve[46] = \"CVE-2002-0346\";\ncgi[47] = \"setpasswd.cgi\"; cve[47] = \"CVE-2001-0133\";\ncgi[48] = \"simplestmail.cgi\"; cve[48] = \"CVE-2001-0022\";\ncgi[49] = \"simplestguest.cgi\"; cve[49] = cve[48];\ncgi[50] = \"talkback.cgi\"; cve[50] = \"CVE-2001-0420\";\ncgi[51] = \"ttawebtop.cgi\"; cve[51] = \"CVE-2002-0203\";\ncgi[52] = \"ws_mail.cgi\"; cve[52] = \"CVE-2001-1343\";\ncgi[53] = \"survey.cgi\"; cve[53] = \"CVE-1999-0936\";\ncgi[54] = \"rxgoogle.cgi\"; cve[54] = \"CVE-2004-0251\";\ncgi[55] = \"ShellExample.cgi\"; cve[55] = \"CVE-2004-0696\";\ncgi[56] = \"Web_Store.cgi\"; cve[56] = \"CVE-2004-0734\";\ncgi[57] = \"csFAQ.cgi\"; cve[57] = \"CVE-2004-0665\";\n\ncheck_kb_cgi_dirs = script_get_preference( \"Check all detected CGI directories:\" );\n\nreport = string( \"The following dangerous CGI scripts were found\", \"\\n\" );\nreport += string( \"You should manually check each script and the associated CVE ID at cve.mitre.org\", \"\\n\\n\" );\n\nport = get_http_port( default:80 );\n\nif( check_kb_cgi_dirs == \"yes\" ) {\n dirs = make_list_unique( \"/\", \"/scripts\", \"/cgi-bin\", cgi_dirs( port:port ) );\n} else {\n dirs = make_list( \"/cgi-bin\" );\n}\n\nflag = FALSE;\n\nfor( i = 0; cgi[i]; i++ ) {\n\n foreach dir( dirs ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/\" + cgi[i];\n\n if( is_cgi_installed_ka( item:url, port:port ) ) {\n flag = TRUE;\n vuln_url = report_vuln_url( url:url, port:port, url_only:TRUE );\n report += vuln_url + \" (\" + cve[i] + ')\\n';\n }\n }\n}\n\nif( flag ) {\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
