Common Gateway Interface (CGI) Access

Impact

Many Web servers support dynamic page generation through CGI, related scripting, and remote program execution. Several of these scripts and programs introduce vulnerabilities on the Web server. The table below lists the vulnerabilities that SARA attempts to identify:

| Exploit | CVE | Characteristic | Reference |
|---|---|---|---|
| webdist | 1999-0039 | Execute commands on IRIX Web Server | http://www.securityfocus.com/bid/374 |
| phf | 1999-0067 | Execute commands on Web Server | http://www.securityfocus.com/bid/629 |
| campas | 1999-0146 | Execute commands on Web Server | http://xforce.iss.net/static/298.php |
| handler | 1999-0148 | Execute commands on IRIX Web Server | http://www.securityfocus.com/bid/380 |
| htmlscript | 1999-0264 | Access files on Web Server | http://xforce.iss.net/static/1466.php |
| php | 1999-0058 | View files on Web Server | http://www.securityfocus.com/bid/911 |
| count | 1999-0021 | Execute commands on Web Server | http://www.securityfocus.com/bid128 |
| jj | 1999-0260 | View files on Web Server | http://xforce.iss.net/static/1808.php |
| pfdispaly | 1999-0270 | Access files on Web Server | http://www.securityfocus.com/bid/64 |
| faxsurvey | 1999-0262 | Execute commands on Web Server | http://xforce.iss.net/static/1532.php |
| info2www | 1999-0266 | Execute commands on Web Server | http://xforce.iss.net/static/1732.php |
| glimpse | 1999-0148 | Access files on IRIX Web Server | http://xforce.iss.net/static/340.php |
| webgais | 1999-0176 | Execute commands on Web Server | http://xforce.iss.net/static/296.php |
| websendmail | 1999-0196 | Execute commands on Web Server | http://xforce.iss.net/static/296.php |
| perl | | Execute commands on Web Server | Remove from Web directories |
| view_source | 1999-0174 | View files on Web Server | http://www.securityfocus.com/bid/303 |
| uploader | 1999-0177 | Load/execute files on Website Server | http://xforce.iss.net/static/294.php |
| args.cmd | | Execute commands on Website Server | Delete file |
| product.asp | 2000-0161 | Execute SQL commands on MS Server | http://xforce.iss.net/static/3997.php |
| win-c-sample | 1999-0178 | Execute commands on Web Server | http://www.securityfocus.com/bid/994 |
| htsearch | 2000-0208 | View files on Web Server | http://www.securityfocus.com/bid/1026 |
| infosrch | 2000-0207 | View files on IRIX Web Server | http://www.securityfocus.com/bid/1031 |
| test-cgi | 1999-0070 | Web Server provides system information | http://xforce.iss.net/static/149.php |
| nph-test | 1999-0045 | Web Server provides system information | http://xforce.iss.net/static/289.php |
| wrap | 1999-0149 | IRIX Server provides system information | http://xforce.iss.net/static/290.php |
| bash | | Direct shell access from Web Server | Remove from Web directories |
| csh | | Direct shell access from Web Server | Remove from Web directories |
| ksh | | Direct shell access from Web Server | Remove from Web directories |
| tcsh | | Direct shell access from Web Server | Remove from Web directories |
| zsh | | Direct shell access from Web Server | Remove from Web directories |
| coldfusion | 2000-0189 | Access files on Web Server | http://www.securityfocus.com/bid/1021 |
| frontpage | | Access to files on Web Server | http://xforce.iss.net/static/3682.php |
| code | | Read files on MS Web Server | http://xforce.iss.net/static/2383.php |
| codebrws | | Read files on MS Web Server | http://xforce.iss.net/static/2383.php |
| showcode | | Read files on MS Web Server | http://xforce.iss.net/static/2383.php |
| pirahna | | Execute commands on Linux Server | http://xforce.iss.net/static/4307.php |
| visdev | 2000-0260 | Execute commands on IIS Server | http://xforce.iss.net/static/4333.php |
| rds | | Execute commands on IIS Server | http://xforce.iss.net/static/1212.php |
| ezshopper | | Execute commands on Web Server | http://xforce.iss.net/static/4044.php |
| mylog | 1999-0068 | View files on Web Server | http://xforce.iss.net/static/1468.php |
| mlog | 1999-0346 | View files on Web Server | http://xforce.iss.net/static/1505.php |
| jetadmin | | View files on Web Server | http://xforce.iss.net/static/4525.php |
| big brother | | View files on Web Server | http://xforce.iss.net/static/4879.php |
| source.asp | | Write files on Apache Servers | http://xforce.iss.net/static/4931.php |
| pollit cgi | | View files on Web Server | http://xforce.iss.net/static/4878.php |
| answerbook2 | | Execute commands on wdhttpd Server | http://www.securityfocus.com/bid/253 |
| photoalbum | | Execute commands on Web Server | http://www.securityfocus.com/bid/1650 |
| machineinfo | | View IRIX info on Web Server | http://xforce.iss.net/static/1730.php |
| PUT Request | | Write files on Web Server | Check Permissions for / and /cgi-bin |
| PHP | | Execute commands on Web Server | http://www.securityfocus.com/bid/1786 |
| Web Shopper | | Read files on Web Server | http://www.securityfocus.com/bid/1776 |
| Shopping Cart | | Read files on Web Server | http://www.securityfocus.com/bid/1777 |

Resolution

The resolution for each exploit is provided in the Reference column of the table.

CVE Reference(s):