Vulnerabilities > CVE-1999-0885 - Unspecified vulnerability in Computer Software Manufaktur Alibaba 2.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Computer Software Manufaktur Alibaba 2.0 Multiple CGI Vulnerabilties. CVE-1999-0885. Remote exploit for windows platform |
| id | EDB-ID:19595 |
| last seen | 2016-02-02 |
| modified | 1999-11-03 |
| published | 1999-11-03 |
| reporter | Kerb |
| source | https://www.exploit-db.com/download/19595/ |
| title | Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilties |
Nessus
NASL family CGI abuses NASL id ALIBABA_GET32.NASL description The last seen 2020-06-01 modified 2020-06-02 plugin id 10011 published 1999-11-04 reporter This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10011 title Alibaba get32.exe Arbitrary Command Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10011); script_version("1.33"); script_cvs_date("Date: 2018/06/13 18:56:25"); script_cve_id("CVE-1999-0885"); script_bugtraq_id(770); script_name(english:"Alibaba get32.exe Arbitrary Command Execution"); script_summary(english:"Checks for the presence of /cgi-bin/get32.exe"); script_set_attribute(attribute:"synopsis", value:"Arbitrary command may be run on this server."); script_set_attribute(attribute:"description", value: "The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon (typically root or nobody)."); script_set_attribute(attribute:"solution", value: "Remove the 'get32.exe' script from your web server's CGI directory (usually cgi-bin/).."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1999/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/11/04"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("find_service1.nasl", "http_version.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:80); if (is_cgi_installed3(item:"get32.exe", port:port)) security_hole(port);NASL family CGI abuses NASL id ALIBABA_TST.NASL description The last seen 2020-06-01 modified 2020-06-02 plugin id 10014 published 1999-11-04 reporter This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10014 title Alibaba tst.bat Arbitrary Command Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(10014); script_version ("1.38"); script_cve_id("CVE-1999-0885"); script_bugtraq_id(770); script_name(english:"Alibaba tst.bat Arbitrary Command Execution"); script_summary(english:"Checks for the presence of /cgi-bin/tst.bat"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an information disclosure vulnerability." ); script_set_attribute(attribute:"description", value: "The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote system." ); script_set_attribute(attribute:"solution", value: "Remove the 'tst.bat' script from your web server's CGI directory (typically cgi-bin/)." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "1999/11/04"); script_set_attribute(attribute:"vuln_publication_date", value: "1999/11/03"); script_cvs_date("Date: 2018/06/13 18:56:25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); function check(req, exp) { local_var b, r; r = http_send_recv3(method:"GET", item:req, port:port); if (isnull(r)) exit(0); b = strcat(r[0], r[1], '\r\n', r[2]); if(exp >< b)return(1); return(0); } foreach dir (cgi_dirs()) { item1 = string(dir, "/tst.bat|type%20c:\\windows\\win.ini"); item2 = string(dir, "/tst.bat|type%20c:\\winnt\\win.ini"); if(check(req:item1, exp:"[windows]")) { security_warning(port); exit(0); } if(check(req:item2, exp:"[fonts]")) { security_warning(port); exit(0); } }