Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution

high Nessus Plugin ID 10064

Synopsis

A web application running on the remote host has an arbitrary command execution vulnerability.

Description

Excite for Webservers is installed. Its architext_query.pl CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server.

Versions newer than 1.1 are patched.

Solution

If you are running version 1.1 or older, upgrade it.

See Also

https://seclists.org/bugtraq/1997/Dec/111

Plugin Details

Severity: High

ID: 10064

File Name: ews.nasl

Version: 1.36

Type: remote

Family: CGI abuses

Published: 8/20/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 1/16/1998

Reference Information

CVE: CVE-1999-0279

BID: 2248