Test ID: | 1.3.6.1.4.1.25623.1.0.10779 |
Category: | Web application abuses |
Title: | CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability |
Summary: | The remote host seems to be vulnerable to a security problem in CGIEmail (cgicso). The vulnerability is caused by inadequate processing of queries by CGIEmail's cgicso and results in a command execution vulnerability. |
Description: |
Summary: The remote host seems to be vulnerable to a security problem in CGIEmail (cgicso). The vulnerability is caused by inadequate processing of queries by CGIEmail's cgicso and results in a command execution vulnerability.
Vulnerability Impact: The server can be compromised by executing commands as the web server's running user (usually 'nobody').
Solution: Modify cgicso.h to contain a strict setting of your finger host. Example: Define the following in cgicso.h:
    #define CGI_CSO_HARDCODE
    #define CGI_CSO_FINGERHOST "localhost"
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1652
BugTraq ID: 6141
http://www.securityfocus.com/bid/6141
CERT/CC vulnerability note: VU#185251
http://www.kb.cert.org/vuls/id/185251
http://www.securiteam.com/exploits/5TP0W005FE.html
http://securitytracker.com/id?1002395
XForce ISS Database: cgiemail-cgicso-get-bo(10595)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10595 |
Copyright | Copyright (C) 2001 SecurITeam & Copyright (C) 2001 Noam Rathaus |