Summary
The remote web server contains a CGI script that suffers from a buffer overflow vulnerability.
Description :
The remote host appears to be running WebNews, which offers web-based access to Usenet news.
Some versions of WebNews are prone to a buffer overflow when processing a query string with an overly-long group parameter. An attacker may be able to leverage this issue to execute arbitrary shell code on the remote host subject to the permissions of the web server user id.
Solution
Apply the patch made released by the vendor on February 14th, 2002 if running Webnews 1.1 or older.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2002-0290 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability