ActivePerl findtar Sample Script Remote Command Execution

critical Nessus Plugin ID 11007

Synopsis

The remote host is running a scripting language that is affected by a remote command execution flaw.

Description

The remote host is running a version of ActiveState Perl that is affected by a remote command execution flaw. An attacker could exploit this flaw to execute arbitrary commands in the context of the affected application.

Solution

Upgrading to version 5.6.3 or newer reportedly fixes the vulnerability.

See Also

https://seclists.org/bugtraq/2000/Dec/119

Plugin Details

Severity: Critical

ID: 11007

File Name: activestate_perl.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 6/8/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: www/iis

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 12/7/2000