Vulnerabilities > CVE-1999-0266 - Unspecified vulnerability in Roar Smith Info2Www
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The info2www CGI script allows remote file access or remote command execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Info2www 1.0/1.1 CGI Input Handling Vulnerability. CVE-1999-0266 . Remote exploit for cgi platform |
id | EDB-ID:20430 |
last seen | 2016-02-02 |
modified | 1998-03-03 |
published | 1998-03-03 |
reporter | Niall Smart |
source | https://www.exploit-db.com/download/20430/ |
title | Info2www 1.0/1.1 CGI Input Handling Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | INFO2WWW.NASL |
description | The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10127 |
published | 1999-06-22 |
reporter | This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10127 |
title | Multiple Vendor info2www CGI Arbitrary Command Execution |
code |
|
Seebug
bulletinFamily | exploit |
description | BugCVE: CVE-1999-0266 BUGTRAQ: 1995 “info2www”是一个将GNU Info文本转化成HTML文件的CGI程序。 某些早期版本的info2www脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以Web进程的权限在主机上 执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些shell元字符,远程攻击者可能以Web守护程序的权限(root或nobody)在主机上执行任意程序。 1.0-1.1 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: * 如果不需要使用info2www脚本,去除此脚本的执行权限或删除之。 厂商补丁: Roar Smith ---------- 程序作者已经在最新版的软件中修补了此安全漏洞,请到作者的主页下载: <a href=http://www.gnu.org/directory/gnats.html target=_blank>http://www.gnu.org/directory/gnats.html</a> |
id | SSV:4291 |
last seen | 2017-11-19 |
modified | 2008-10-25 |
published | 2008-10-25 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4291 |
title | RoarSmithinfo2www远程执行任意命令漏洞 |