2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.8%
The CGI ‘CgiMail.exe’ exists on this web server. Some versions of this file are vulnerable to remote exploit.
An attacker can use this flaw to gain access to confidential data or further escalate their privileges.
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11721);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2000-0726");
script_bugtraq_id(1623);
script_name(english:"Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval");
script_summary(english:"Checks for the cgimail.exe file");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a CGI application that is affected by
an information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The CGI 'CgiMail.exe' exists on this web server. Some versions of this
file are vulnerable to remote exploit.
An attacker can use this flaw to gain access to confidential data or
further escalate their privileges.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Aug/418");
script_set_attribute(attribute:"solution", value:"There is no known solution at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"vuln_publication_date", value:"2000/08/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
flag = 0;
directory = "";
foreach dir (cgi_dirs()) {
if(is_cgi_installed_ka(item:string(dir, "/cgimail.exe"), port:port)) {
flag = 1;
directory = dir;
break;
}
}
if (flag) security_note(port);