Matt Wright FormHandler.cgi Arbitrary File Access

medium Nessus Plugin ID 10075

Synopsis

A web application on the remote host is affected by an information disclosure vulnerability.

Description

The 'FormHandler.cgi' CGI application installed on the remote host is affected by an information disclosure vulnerability that lets anyone read arbitrary files with the privileges of the web server. An unauthenticated, remote attacker can exploit this to disclose sensitive information, which could be used to facilitate further attacks.

Solution

Remove FormHandler.cgi from the web server.

See Also

https://seclists.org/bugtraq/1999/Nov/166

Plugin Details

Severity: Medium

ID: 10075

File Name: formhandler.nasl

Version: 1.42

Type: remote

Family: CGI abuses

Published: 12/13/1999

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-1999-1050

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

Vulnerability Publication Date: 11/11/1999

Reference Information

CVE: CVE-1999-1050

BID: 799