HTTP: Anyform Semicolon
This signature detects attempts to exploit a known vulnerability against AnyForm CGI script. AnyForm is a popular CGI form designed to support simple forms that deliver responses through e-mail. Some versions of AnyForm do not perform user supplied data sanity checking, and can allow remote execution of arbitrary commands on the server.
Extended Description
AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform user supplied data sanity checking and could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which the web server runs as, typically 'nobody'.
Affected Products
John_s._roberts anyform
Short Name
HTTP:CGI:ANYFORM-SEMICOLON
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Anyform CVE-1999-0066 Semicolon bid:719
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
John_s._roberts
CVSS Score
7.5