GEN:SID 1:2213
Message WEB-CGI mailfile.cgi access
Summary This event is generated when an attempt is made to access mailfile.cgi on an internal web server. This may indicate an attempt to exploit a file disclosure vulnerability in Oatmeal Studios Mail File 1.10.
Impact Information disclosure.
Detailed Information Mail File 1.10 is a Perl script that allows web site visitors to email files to any user using an online form. It contains a vulnerability where an attacker can craft a URL with an arbitrary file name in the "filename" argument. If the file exists on the server, it is emailed to the address that the attacker specifies in the URL.
Affected Systems Systems running Oatmeal Studios Mail File 1.10.
Attack Scenarios An attacker sends a specially crafted HTTP request to a vulnerable web server with /../../../etc/passwd as the filename argument. If the web server's password file exists at that location, it is sent to the email address specified in the URL.
Ease of Attack Simple. Exploits exist.
Corrective Action Disable mailfile.cgi.
Additional References Bugtraq
http://www.securityfocus.com/bid/1807
Rule References bugtraq: 1807
bugtraq: 4579
cve: 2000-0977
nessus: 11748