Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2021 John LampeCGIMAIL.NASL
HistoryJun 11, 2003 - 12:00 a.m.

Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval

2003-06-1100:00:00
This script is Copyright (C) 2003-2021 John Lampe
www.tenable.com
186

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.8%

JSON

The CGI ‘CgiMail.exe’ exists on this web server. Some versions of this file are vulnerable to remote exploit.

An attacker can use this flaw to gain access to confidential data or further escalate their privileges.

#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(11721);
 script_version("1.23");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 script_cve_id("CVE-2000-0726");
 script_bugtraq_id(1623);

 script_name(english:"Stalkerlab Mailers CGIMail.exe Arbitrary File Retrieval");
 script_summary(english:"Checks for the cgimail.exe file");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a CGI application that is affected by
an information disclosure vulnerability.");
 script_set_attribute(attribute:"description", value:
"The CGI 'CgiMail.exe' exists on this web server. Some versions of this
file are vulnerable to remote exploit.

An attacker can use this flaw to gain access to confidential data or
further escalate their privileges.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Aug/418");
 script_set_attribute(attribute:"solution", value:"There is no known solution at this time.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");

 script_set_attribute(attribute:"vuln_publication_date", value:"2000/08/29");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);

if(!get_port_state(port))exit(0);

flag = 0;
directory = "";

foreach dir (cgi_dirs()) {
   if(is_cgi_installed_ka(item:string(dir, "/cgimail.exe"), port:port)) {
  	flag = 1;
  	directory = dir;
  	break;
   }
}

if (flag) security_note(port);

Related

nvd 1
cve 1
openvas 1
cvelist 1
nvd
nvd
CVE-2000-0726
2000-10-20 04:00:00
cve
cve
CVE-2000-0726
2001-05-07 04:00:00
openvas
openvas
CgiMail.exe vulnerability
2005-11-03 00:00:00
cvelist
cvelist
CVE-2000-0726
2001-05-07 04:00:00

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.8%

JSON
Related for CGIMAIL.NASL
nvd1cve1openvas1cvelist1