VsSetCookie.exe Vulnerability Network Vulnerability

Summary

The file VsSetCookie.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit.

Solution

remove it from /cgi-bin. To manually test the server, you can try: http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name> With a correctly guessed User Name, you will gain full access to the CGI. *** As openvas solely relied on the banner of the remote host *** this might be a false positive

Severity

Classification

CVE CVE-2002-0236
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Information Disclosure Vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability
68designs 68kb Multiple Remote File Include Vulnerabilities
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Artmedic Kleinanzeigen File Inclusion Vulnerability

VsSetCookie.exe vulnerability

Take action and discover your vulnerabilities