Title: Excite for Web Servers 1.1 Command Execution Vulnerability
Severity: MODERATE
Description:
Excite for Web Servers, version 1.1, for Unix and Windows NT platforms, is a search engine software suite. A vulnerability in one of the scripts, architext_query.pl, allows a remote attacker to execute arbitrary commands with the privileges of the web server. Specific details of how this can be accomplished are not currently known by SecurityFocus staff, although it has been suggested that this is a shell metacharacter (eg., the pipe character) filtering issue (see CVE). Consequences of successful exploitation could include web site defacement, elevation of privileges by exploiting locally accessible vulnerabilities, etc.
Affected Products:
- Excite Excite for Web Servers 1.1.0
References:
- Excite, Inc.: Excite for Web Servers bug patches
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
