Summary
The remote host seems to be vulnerable to a security problem in CGIEmail (cgicso). The vulnerability is caused by inadequate processing of queries by CGIEmail's cgicso and results in a command execution vulnerability.
Impact
The server can be compromised by executing commands as the web server's running user (usually 'nobody').
Solution
Modify cgicso.h to contain a strict setting of your finger host.
Example:
Define the following in cgicso.h:
#define CGI_CSO_HARDCODE
#define CGI_CSO_FINGERHOST 'localhost'
Severity
Classification
-
CVE CVE-2002-1652 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- 'research_display.php' SQL Injection Vulnerability
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- A-Blog 'sources/search.php' SQL Injection Vulnerability
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability