Summary
The 'formmail.pl' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).
Solution
remove it from /cgi-bin.
Severity
Classification
-
CVE CVE-1999-0172 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Information Disclosure Vulnerability
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- ATutor < 1.5.1-pl1 Multiple Flaws
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability