Summary
The AlienForm CGI script allows an attacker
to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file.
The AlienForm CGI script is installed as either af.cgi or alienform.cgi
For more details, please see:
http://online.securityfocus.com/archive/1/276248/2002-06-08/2002-06-14/0
Solution
Disable AlienForm
Severity
Classification
-
CVE CVE-2002-0934 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- An Image Gallery Directory Traversal Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability