Mnogosearch search.cgi Detection

High Nessus Network Monitor Plugin ID 2499

Synopsis

The remote host is running an inherently insecure protocol or application.

Description

The remote host is running the mnogosearch search.cgi CGI program. There is a flaw in older versions of this software that may allow an attacker to gain a shell on this host.

Solution

Upgrade or patch according to vendor recommendations, or discontinue use of the script.

Plugin Details

Severity: High

ID: 2499

File Name: 2499.prm

Family: Web Servers

Published: 2005/01/06

Modified: 2016/01/22

Dependencies: 1442

Nessus ID: 11735

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Reference Information

CVE: CVE-2003-0436, CVE-2003-0437

BID: 7865, 7866

OSVDB: 11872, 11873