GEN:SID | 1:980 |
Message | WEB-IIS CGImail.exe access |
Summary | This event is generated when an attempt is made to disclose the contents of a file on an host running Stalkerlab's CGIMail server.
|
Impact | Intelligence gathering activity. This attack can display the contents of a file on the server.
|
Detailed Information | Stalkerlab's CGIMail is a CGI program that permits an HTTP server to send SMTP mail using the data from the HTLM form. A vulnerability exits in the CGImail.exe program that can disclose the contents of files on the web server. This can be accomplished by locally modifying the Web page that sends data to the SMTP server. The modifications would include setting specific variable values to file names that the attacker wishes to examine.
|
Affected Systems | Hosts running Stalkerlab CGIMail 1.1.2
|
Attack Scenarios | An attacker can modify an HTML form used by Stalkerlab CGIMail that passes data to the SMTP server. This can permit disclosure of file contents on the server.
|
Ease of Attack | Simple.
|
Corrective Action | No known remedy or patch is available.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/1623
CVE http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0726
|
Rule References | bugtraq: 1623
cve: 2000-0726
|