GEN:SID 1:2203
Message WEB-CGI everythingform.cgi access
Summary This event is generated when an attempt is made to access everythingform.cgi on an internal web server. This may indicate an attempt to exploit a remote command execution vulnerability in Leif M. Wright's everythingform.cgi script.
Impact Remote execution of arbitrary code, possibly leading to remote root compromise.
Detailed Information Leif Wright's everythingform.cgi script is a Perl script that processes multiple forms. It contains a parsing vulnerability in a hidden "config" field that enables an attacker to run arbitrary shell commands with the security context of the web server.
Affected Systems Web servers running Leif M. Wright Everythingform.cgi 2.0.
Attack Scenarios An attacker uses a specially crafted value for the config field. Any commands included in the value are executed with the security context of the web server.
Ease of Attack Simple. Exploits exist.
Corrective Action Disable everythingform.cgi.
Additional References Bugtraq
http://www.securityfocus.com/bid/2101
Rule References bugtraq: 2101
bugtraq: 4579
cve: 2001-0023
nessus: 11748