AN HTTPd count.pl Traversal Arbitrary File Overwrite (deprecated)

critical Nessus Plugin ID 11555

Synopsis

This plugin has been deprecated.

Description

The remote web server is running a CGI called 'count.pl' which is affected by a directory traversal vulnerability. An attacker could exploit this to overwrite any existing file on the remote server, with the privileges of the httpd server.

This plugin has been deprecated because it resulted in false positives without reliably detecting the vulnerability on the intended target. AN HTTPd has not been available for download for several years, and the website no longer exists.

See Also

https://www.securityfocus.com/archive/1/319354/30/0/threaded

Plugin Details

Severity: Critical

ID: 11555

File Name: an_httpd_count_cgi.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 4/27/2003

Updated: 3/27/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: This vulnerability could be used to overwrite any existing file on the remote server.

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7397