Mnogosearch search.cgi Detection

medium Nessus Network Monitor Plugin ID 2499

Synopsis

The remote host is running an inherently insecure protocol or application.

Description

The remote host is running the mnogosearch search.cgi CGI program. There is a flaw in older versions of this software that may allow an attacker to gain a shell on this host.

Solution

Upgrade or patch according to vendor recommendations, or discontinue use of the script.

Plugin Details

Severity: Medium

ID: 2499

Family: Web Servers

Published: 1/6/2005

Updated: 3/6/2019

Nessus ID: 11735

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:mnogosearch:mnogosearch

Reference Information

CVE: CVE-2003-0436, CVE-2003-0437

BID: 7865, 7866