Lucene search
cgiWebupdate.exe Information Disclosure / Privilege Escalation Vulnerability
🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2003 John LampeType 
openvas🔗 plugins.openvas.org👁 12 Views
cgiWebupdate.exe Information Disclosure / Privilege Escalation Vulnerabilit
Show more
| Reporter | Title | Published | Views | Family All 4 |
|---|---|---|---|---|
 | CVE-2001-1150 | 15 Mar 200205:00 | – | cvelist |
 | CVE-2001-1150 | 22 Aug 200104:00 | – | nvd |
 | Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval | 11 Jun 200300:00 | – | nessus |
 | CVE-2001-1150 | 15 Mar 200205:00 | – | cve |
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/3216 |
# SPDX-FileCopyrightText: 2003 John Lampe
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.11722");
script_version("2025-04-11T05:40:28+0000");
script_tag(name:"last_modification", value:"2025-04-11 05:40:28 +0000 (Fri, 11 Apr 2025)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3216");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2001-1150");
script_name("cgiWebupdate.exe Information Disclosure / Privilege Escalation Vulnerability");
script_category(ACT_ATTACK); # nb: Direct access to a .exe file might be already seen as an attack
script_copyright("Copyright (C) 2003 John Lampe");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl",
"DDI_Directory_Scanner.nasl", "os_detection.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("Host/runs_windows");
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"solution", value:"Remove it from the cgi-bin or scripts folder.");
script_tag(name:"summary", value:"The CGI 'cgiWebupdate.exe' exists on this webserver.
Some versions of this file are vulnerable to remote exploit.
An attacker can use this hole to gain access to confidential data
or escalate their privileges on the web server.");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"Workaround");
exit(0);
}
include("http_func.inc");
include("http_404.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
port = http_get_port( default:80 );
foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" ) dir = "";
url = dir + "/cgiWebupdate.exe";
if( http_is_cgi_installed_ka( item:url, port:port ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 0 );
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Nov 2005 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS25
EPSS0.00834