GEN:SID | 1:2196 |
Message | WEB-CGI catgy.cgi access |
Summary | This event is generated when an attempt is made to access catgy.cgi on an internal web server. This may indicate an attempt to exploit a cross-site scripting vulnerability in Aktivate e-commerce software.
|
Impact | Arbitrary code execution, possible session hijack.
|
Detailed Information | Aktivate 1.03 is an e-commerce application for use on Linux and other UNIX-based operating systems. An attacker can craft a URL with malicious code in the "desc" command's argument that passes the commands to catgy.cgi. If a legitimate user activates the URL, malicious code may be executed on the client computer.
|
Affected Systems | Systems running Aktivate 1.03.
|
Attack Scenarios | An attacker may craft a URL that, when activated by a legitimate user, obtains the user's session cookie, thereby allowing the attacker to pose as the user for the duration of the session.
|
Ease of Attack | Simple. A proof of concept exists.
|
Corrective Action | It is not known if this vulnerability has been fixed. Contact the vendor, Allen & Keul Web Solutions (http://www.allen-keul.net) for more information.
|
Additional References | http://www.securityfocus.com/bid/3714
|
Rule References | bugtraq: 3714
bugtraq: 4579
cve: 2001-1212
nessus: 11748
|