Pi3Web tstisapi.dll Long URL Overflow

Nessus Plugin ID 10618 (Severity: High)


The remote web server contains a script that is affected by several issues.


The '/isapi/tstisapi.dll' CGI is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP service.

In addition, it discloses the physical path to the web root if an invalid URL is requested.


Remove the script from /isapi.

Plugin Details

Severity: High

ID: 10618

File Name: pi3web_isapi.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 2001/02/20

Modified: 2014/07/11

Dependencies: 10107, 17975, 10386

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:pi3:pi3web

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2001/02/15

Reference Information

CVE: CVE-2001-0302, CVE-2001-0303

BID: 2381

OSVDB: 514, 4970