KW Whois CGI whois Parameter Arbitrary Command Execution

This script is Copyright (C) 2000-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts a CGI script that allows execution of
arbitrary commands.

Description :

The version of the KW whois CGI script installed on the remote web
server fails to filter shell metacharacters from input to the 'whois'
parameter. An unauthenticated, remote attacker can leverage this
issue to execute arbitrary commands with the privileges of the http

See also :

Solution :

Unknown at this time.
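
With no vendor fix listed, a whois front end can contain this class of flaw by allowlisting the 'whois' parameter and invoking the client without a shell. The following is an added example, not code from KW Whois or from the Nessus plugin; the function names, the hostname pattern and the local `whois` client are assumptions.

```python
import re
import subprocess

# Assumption: a lookup target is a DNS hostname or an IPv4 address. Each label
# is letters, digits and inner hyphens, so no shell metacharacter, whitespace
# or leading '-' (option injection) can pass.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_QUERY_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
MAX_QUERY_LEN = 253  # maximum length of a DNS name


def validate_whois_query(raw):
    """Return the normalized query, or raise ValueError if it is not a plain name."""
    if not isinstance(raw, str):
        raise ValueError("query must be a string")
    if not raw or len(raw) > MAX_QUERY_LEN:
        raise ValueError("query is empty or too long")
    # fullmatch, with no stripping: a trailing newline or space is rejected,
    # not silently cleaned up.
    if not _QUERY_RE.fullmatch(raw):
        raise ValueError("query contains characters outside the allowlist")
    return raw.lower()


def build_whois_argv(raw):
    """Build an argument vector: the query is one argv element, never shell text."""
    return ["whois", validate_whois_query(raw)]


def run_whois(raw, timeout=10):
    """Run the local whois client with no shell (a list argv implies shell=False)."""
    result = subprocess.run(build_whois_argv(raw), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout


def is_rejected(raw):
    """True when the validator refuses the value."""
    try:
        validate_whois_query(raw)
    except ValueError:
        return True
    return False


# Constructed sample values for the 'whois' parameter (not taken from the advisory).
REJECTED_SAMPLES = ["example.com;id", "example.com|id", "$(id)", "`id`",
                    "-h example.com", "example.com\n", "a..b", ""]
```

Validation failures should be answered with an HTTP 400 and logged, since metacharacters in this parameter are a useful detection signal.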

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.1
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 10541 (kw_whois.nasl)

Bugtraq ID: 1883

CVE ID: CVE-2000-0941
