Multiple Vendor jj CGI Arbitrary Command Execution

Severity: High, Nessus Plugin ID 10131

Synopsis

A CGI on the remote web server has a command execution vulnerability.

Description

The 'jj' CGI is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server.

Please note that Nessus only checked for the existence of this CGI, and did not attempt to exploit it.

Solution

Remove this CGI from the web server.

See Also

https://seclists.org/bugtraq/1996/Dec/142

Plugin Details

Severity: High

ID: 10131

File Name: jj.nasl

Version: 1.37

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 12/24/1996

Reference Information

CVE: CVE-1999-0260

BID: 2002