Summary
An attacker can run arbitrary code on the remote computer.
This is because the remote IIS server is running a version of ActivePerl prior to 5.6.1.630 and has the Check that file exists option disabled for the perlIS.dll.
Solution
Either upgrade to a version of ActivePerl more
recent than 5.6.1.629 or enable the Check that file exists option.
To enable this option, open up the IIS MMC, right click on a (virtual) directory in your web server, choose Properties,
click on the Configuration... button, highlight the .plx item, click Edit, and then check Check that file exists.
More Information: http://www.securityfocus.com/bid/3526
Severity
Classification
-
CVE CVE-2001-0815 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- Adobe ColdFusion Directory Traversal Vulnerability
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution