Vulnerabilities > CVE-2002-1361 - Unspecified vulnerability in SUN Cobalt RAQ 4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Exploit-Db
| description | Cobalt RaQ4 Administrative Interface Command Execution Vulnerability. CVE-2002-1361. Remote exploit for linux platform |
| id | EDB-ID:22072 |
| last seen | 2016-02-02 |
| modified | 2002-12-05 |
| published | 2002-12-05 |
| reporter | grazer |
| source | https://www.exploit-db.com/download/22072/ |
| title | Cobalt RaQ4 Administrative Interface Command Execution Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | COBALT_OVERFLOW_CGI.NASL |
| description | /cgi-bin/.cobalt/overflow/overflow.cgi was detected. Some versions of this CGI allow remote users to execute arbitrary commands with the privileges of the web server. *** Nessus just checked the presence of this file *** but did not try to exploit the flaw, so this might *** be a false positive. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11190 |
| published | 2002-12-12 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11190 |
| title | Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution |
References
- http://marc.info/?l=bugtraq&m=103912513522807&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
- http://www.cert.org/advisories/CA-2002-35.html
- http://www.ciac.org/ciac/bulletins/n-025.shtml
- http://www.kb.cert.org/vuls/id/810921
- http://www.securityfocus.com/bid/6326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10776