GEN:SID | 1:2223 |
Message | WEB-CGI csNews.cgi access |
Summary | This event is generated when an attempt is made to access csNews.cgi on an internal web server. This may indicate an attempt to exploit a file disclosure vulnerability in csNews.cgi, a script distributed by CGIScript.NET.
|
Impact | Information disclosure. The attacker must have an authenticated account to successfully execute this exploit.
|
Detailed Information | csNews.cgi is a Perl script that manages web-based news items, and contains a vulnerability in its ability to decode and filter out double-decoded URL data on the Advanced Settings page. An authenticated attacker can insert double-decoded directory traversals and file names into the header or footer parameters in csNews.cgi, and the files will appear in the header or footer of the page.
|
Affected Systems | Systems running CGISCRIPT.NET csNews 1.0 or CGISCRIPT.NET csNews Professional 1.0
|
Attack Scenarios | An attacker crafts a URL with /../../passwd double-encoded in the header or footer parameter. If the password file exists in that location, the file will appear in the header or footer of the web page.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | It is not known if this vulnerability has been patched or fixed in later versions. Contact the vendor for more information.
|
Additional References | |
Rule References | bugtraq: 4994
cve: 2002-0923
nessus: 11726
|