GEN:SID | 1:2194 |
Message | WEB-CGI CSMailto.cgi access |
Summary | This event is generated when an attempt is made to access CSMailto.cgi on an internal web server. This may indicate an attempt to exploit an input validation vulnerability in a form mail script distributed by CGIScript.NET.
|
Impact | Remote execution of arbitrary code and information disclosure.
|
Detailed Information | CSMailto.cgi is a Perl script that manages multiple email forms. An attacker can use a specially crafted URL to execute shell commands on the server and/or email files from the server to a remote email address.
|
Affected Systems | Any web server running CGIScript.NET CSMailto.cgi.
|
Attack Scenarios | An attacker places shell code in a URL sent to CSMailto.cgi on the web server. The server then executes the code.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | It is unknown if this vulnerability has been fixed. Contact the vendor, CGIScript.NET (http://www.cgiscript.net) for more information.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/4579
|
Rule References | bugtraq: 4579
bugtraq: 6265
cve: 2002-0749
nessus: 11748
|