Vulnerabilities > CVE-1999-0238 - Unspecified vulnerability in PHP 1.0/2.0/2.0B10

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
php
critical
nessus
exploit available

Summary

php.cgi allows attackers to read any file on the system.

Vulnerable Configurations

Part Description Count
Application
Php
3

Exploit-Db

description: PHP PHP/FI 2.0 Directory Traversal Vulnerability. CVE-1999-0238. Remote exploit for cgi platform
id: EDB-ID:20567
last seen: 2016-02-02
modified: 1997-04-16
published: 1997-04-16
reporter: Shamanski
source: https://www.exploit-db.com/download/20567/
title: php php/fi 2.0 - Directory Traversal Vulnerability

Nessus

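NASL family: CGI abuses
NASL id: PHP.NASL
description: 'php.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP server.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10177
published: 1999-06-22
reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10177
title: PHP/FI php.cgi Traversal Arbitrary File Access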
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Metadata registration. When `description` is set, the script only declares
# its identifiers, report attributes and scheduling requirements, then leaves
# through the exit(0) at the end of this block, before any request is sent.
if(description)
{
 # Plugin id plus the CVE and Bugtraq references that the finding is filed under.
 script_id(10177);
 script_version ("1.39");
 script_cve_id("CVE-1999-0238");
 script_bugtraq_id(2250);
 script_name(english:"PHP/FI php.cgi Traversal Arbitrary File Access");
 
 # Report text: synopsis, description and solution.
 script_set_attribute(attribute:"synopsis", value:
"Arbitrary files can be read on the remote server." );
 script_set_attribute(attribute:"description", value:
"'php.cgi' is installed. This CGI has a well known security flaw that 
lets an attacker read arbitrary files with the privileges of the HTTP
server." );
 # The only remediation offered is removal of the CGI; no patched version is named here.
 script_set_attribute(attribute:"solution", value:
"Remove it from /cgi-bin." );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # partial confidentiality impact, no integrity or availability impact.
 # NOTE(review): the CVE record shown on the same page rates all three impacts
 # COMPLETE (score 10.0); this vector scores the file read only. Use whichever
 # rating your risk process treats as authoritative.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 # "No exploit is required" with exploit_available "false": the attributes state
 # that no exploit code is involved. The check in the script body is one GET request.
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "1999/06/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "1997/09/01");
 script_cvs_date("Date: 2018/07/25 14:27:29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:php:php");
script_end_attributes();

 
 script_summary(english:"Checks for the presence of /cgi-bin/php.cgi");
 # ACT_GATHER_INFO: registered as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 # Scheduling: these plugins are declared as dependencies, presumably because
 # they supply the HTTP version, the discovered CGI directories and the
 # not-found-page handling the check relies on (their code is not shown here).
 script_dependencie("http_version.nasl", "webmirror.nasl", "no404.nasl");
 script_require_ports("Services/www", 80);
 # "Settings/disable_cgi_scanning" is registered as an exclude key, so this
 # check is expected not to run when that setting is present in the scan.
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


# Web server port under test; 80 is passed as the default.
port = get_http_port(default:80);

# Request php.cgi once under every CGI directory returned by cgi_dirs().
foreach cgi_dir (cgi_dirs())
{
  probe_url = string(cgi_dir, "/php.cgi?/etc/passwd");
  resp = http_send_recv3(method:"GET", item:probe_url, port:port);

  # A missing response ends the whole check, not just this directory.
  if (isnull(resp))
    exit(0);

  # resp[0], resp[1] and resp[2] are joined and searched as one string, so the
  # match below can come from any of the three parts.
  page = strcat(resp[0], resp[1], '\r\n', resp[2]);

  # Detection signature: a passwd-format line for root with UID 0 and GID 0 or 1.
  # Triage caveats: a response that merely echoes such a line would also match,
  # and a host where the file is absent or unreadable produces no match even if
  # php.cgi is installed. A finding should therefore be confirmed, and a clean
  # result is not proof that the CGI is absent.
  if (egrep(pattern:".*root:.*:0:[01]:.*", string:page))
  {
    extra_text = strcat('The following URL will exhibit the flaw :\n\n', build_url(port: port, qs: probe_url), '\n');
    security_warning(port, extra: extra_text);
  }
}