Detections
Analytics
O'Reilly WebSite uploader.exe Arbitrary File Upload
high Nessus Plugin ID 10291
Synopsis
The remote web server contains a CGI script that is prone to arbitrary command execution.Description
The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute them.Solution
Verify that the affected script does not allow arbitrary uploads and remove it if it does.See Also
https://insecure.org/sploits/oreily.website.uploader.exe.html
http://web.archive.org/web/20070810043351/http://xforce.iss.net:80/xforce/xfdb/294
Plugin Details
Severity: High
ID: 10291
File Name: uploader_exe.nasl
Version: 1.35
Type: remote
Family: CGI abuses
Published: 6/22/1999
Updated: 1/19/2021
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Vulnerability Publication Date: 9/4/1997
Reference Information
CVE: CVE-1999-0177