ID OSVDB:7592
Type osvdb
Reporter OSVDB
Modified 1999-12-09T00:00:00
Description
No description provided by the source
References:
Vendor Specific Advisory URL
ISS X-Force ID: 3707
CVE-1999-0978
Bugtraq ID: 867
{"title": "ht://Dig Shell Escape Arbitrary Command Execution", "published": "1999-12-09T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "cvelist": ["CVE-1999-0978"], "viewCount": 0, "affectedSoftware": [], "hash": "36e7b2dba49d091efc924846592d0f4299e3722cfd7dc9e03bcbf3e997ec489a", "id": "OSVDB:7592", "modified": "1999-12-09T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:7592", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "62ed3239449a29eed61d98b30d5ffc3d", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "342f95e38fb12f4a26644bfa4941b126", "key": "description"}, {"hash": "93468c0e6926782ad323d5751d720b80", "key": "href"}, {"hash": "37f1613cc1af6e781ed13f54a358c96d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "37f1613cc1af6e781ed13f54a358c96d", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "955b328dc7cd615c13af5464c9183464", "key": "reporter"}, {"hash": "ff3cf469f9fabc1a0bac1cdab7dbb00a", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/1999/19991209)\nISS X-Force ID: 3707\n[CVE-1999-0978](https://vulners.com/cve/CVE-1999-0978)\nBugtraq ID: 867\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "lastseen": "2017-04-28T13:20:02"}
{"cve": [{"lastseen": "2016-09-03T02:22:16", "references": ["http://www.securityfocus.com/bid/867"], "description": "htdig allows remote attackers to execute commands via filenames with shell metacharacters.", "edition": 1, "reporter": "NVD", "published": "1999-12-09T00:00:00", "title": "CVE-1999-0978", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T02:22:16", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-1999-0978"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:2.1"], "modified": "2008-09-09T08:36:34", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0978", "id": "CVE-1999-0978", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[CVE-1999-0978](https://vulners.com/cve/CVE-1999-0978)\nBugtraq ID: 867\n", "reporter": "OSVDB", "published": "1999-12-09T00:00:00", "title": "ht://Dig Filename Shell Metacharacter Arbitrary Command Execution", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-1999-0978"], "modified": "1999-12-09T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1160", "id": "OSVDB:1160", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:36:59", "references": ["http://www.debian.org/security/2000/20000227"], "pluginID": "10105", "description": "The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host.", "edition": 4, "reporter": "Tenable", "published": "2000-03-03T00:00:00", "title": "ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0978", "CVE-2000-0208"], "modified": "2018-06-13T00:00:00", "cpe": [], "id": "HTDIG.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10105);\n script_version (\"1.34\");\n\n script_cve_id(\"CVE-1999-0978\", \"CVE-2000-0208\");\n script_bugtraq_id(867, 1026);\n\n script_name(english:\"ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities\");\n script_summary(english:\"Checks if htdig is vulnerable\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web search engine that is affected by an\ninformation disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'htsearch' CGI, which is part of the htdig package, allows anyone\nto read arbitrary files on the target host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.debian.org/security/2000/20000227\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to htdigg 3.1.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:W/RC:ND\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2000/03/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"1999/12/09\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\n\nforeach dir (cgi_dirs())\n{\n res = http_send_recv3(\n method:\"GET\", \n item:string(dir, \"/htsearch?exclude=%60/etc/passwd%60\"), \n port:port\n );\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n \n if(egrep(pattern:\".*root:.*:0:[01]:.*\", string:res[2])){\n security_warning(port);\n exit(0);\n }\n}\n\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
