Lucene search
+L

formmail.pl

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2005 Mathieu PerrinType 
openvas
 openvas
🔗 plugins.openvas.org👁 19 Views

formmail.pl security vulnerability with arbitrary command executio

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-1999-0172
29 Sep 199904:00
cve
Cvelist
CVE-1999-0172
29 Sep 199904:00
cvelist
EUVD
EUVD-1999-0172
7 Oct 202500:30
euvd
Tenable Nessus
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
1 Dec 199900:00
nessus
NVD
CVE-1999-0172
2 Aug 199504:00
nvd
OpenVAS
formmail.pl
3 Nov 200500:00
openvas
Positive Technologies
PT-1995-1010 · N/A · Formmail
2 Aug 199500:00
ptsecurity
RedhatCVE
CVE-1999-0172
7 Jan 202609:40
redhatcve
SourceLink
securityfocuswww.securityfocus.com/bid/2079
# SPDX-FileCopyrightText: 2005 Mathieu Perrin
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10076");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/2079");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-1999-0172");
  script_name("formmail.pl");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2005 Mathieu Perrin");
  script_family("Web application abuses");

  script_tag(name:"solution", value:"Remove it from /cgi-bin.");

  script_tag(name:"summary", value:"The 'formmail.pl' is installed. This CGI has a well known security flaw
  that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).");

  script_tag(name:"deprecated", value:TRUE);

  script_tag(name:"qod_type", value:"remote_vul");
  script_tag(name:"solution_type", value:"Workaround");

  exit(0);
}

exit(66); # broken

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Aug 2023 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 27.5
EPSS0.03291
19