GEN:SID 1:805
Message WEB-CGI webspeed access
Summary This event is generated when an attempt is made to exploit an
authentication vulnerability in the WebSpeed WSIS Messenger
Administration Utility.
Impact Information gathering and system integrity. Unauthorized administrative
access to the WebSpeed configuration utility can allow an
attacker to view and change WebSpeed configuration, and possibly stop
WebSpeed services.
Detailed Information The WSIS Messenger Administration Utility is a web-based administration
utility provided with the Progress WebSpeed 3.0 development environment
and transaction server. It allows WebSpeed administrators to remotely
manage the WebSpeed system. The configuration utility has a
vulnerability that allows unauthenticated users to configure services
when the WSMAdmin function is invoked using wsisa.dll.
Affected Systems Any system running Progress WebSpeed 3.0 WSIS Messenger Administration
Utility.
Attack Scenarios An attacker can access the WSIS Messenger Administration Utility, which
can then be used to view and change WebSpeed configuration. The attacker
can potentially stop WebSpeed services.
Ease of Attack Simple. Exploits exist.
Corrective Action Disable the WSIS Messenger Administration Utility.

Install the appropriate patch. Patches can be found at
http://www.progress.com/patches/patchlst/availpatche.html.

Disallow access to the WSIS Messenger Administration Utility from
sources external to the protected network.
Additional References Bugtraq
http://www.securityfocus.com/bid/969

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127
Rule References arachnids: 467
bugtraq: 969
cve: 2000-0127
nessus: 10304
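
To check whether the utility has already been reached, web server access logs can be triaged for requests that name both wsisa.dll and the WSMAdmin function. The following is an added example, not part of the original rule documentation or of Snort: the log format (Common Log Format), the protected network ranges, and the sample log lines, including the request path layout, are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: address ranges of the protected network; replace with your own.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Common Log Format: client ident user [time] "METHOD URI PROTO" status size
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<uri>\S+)[^"]*" (?P<status>\d{3})')

def is_wsmadmin_request(uri):
    """True when the URI names both wsisa.dll and the WSMAdmin function."""
    # Decode twice so percent-encoded and double-encoded forms are normalized,
    # then compare case-insensitively.
    decoded = unquote(unquote(uri)).lower()
    return "wsisa.dll" in decoded and "wsmadmin" in decoded

def triage(lines):
    """Return one finding per matching request, flagging source and outcome."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or not is_wsmadmin_request(m["uri"]):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            external = not any(src in net for net in PROTECTED_NETS)
        except ValueError:
            external = True  # logged as a hostname: treat as external
        findings.append({
            "src": m["src"],
            "external": external,                     # outside the protected network
            "served": m["status"].startswith("2"),    # server answered with 2xx
            "uri": m["uri"],
        })
    return findings

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2001:10:01:22 +0000] "GET /scripts/wsisa.dll?WSMAdmin HTTP/1.0" 200 1043',
    '10.1.2.3 - - [12/Mar/2001:10:05:40 +0000] "GET /scripts/wsisa.dll?WSMAdmin HTTP/1.0" 200 1043',
    '198.51.100.9 - - [12/Mar/2001:10:07:02 +0000] "GET /scripts/WSISA.DLL?wsm%61dmin HTTP/1.0" 403 210',
    '203.0.113.7 - - [12/Mar/2001:10:09:15 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A finding with both `external` and `served` set is the case the corrective actions are meant to prevent and warrants a review of the WebSpeed configuration on that host.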