HTTP: Glimpse Piped Command Execution
This signature detects attempts to exploit the vulnerable aglimpse CGI script used for searching a local Web server. The script accepts search queries and returns the results in a formatted HTML document. Attackers can use maliciously crafted URL requests to execute arbitrary commands on the Web server.
Extended Description
WebGlimpse and GlimpseHTTP are web indexing and search engine programs with some associated management scripts. GlimpseHTTP up to and including 2.0, and WebGlimpse prior to version 1.5, suffer from a common vulnerability involving the component "aglimpse". This script fails to filter the pipe metacharacter, allowing arbitrary command execution. The demonstration exploit for this vulnerability includes the unix shell "IFS" (Internal Field Separator) variable for situations where the web server filters space characters - by setting this to an acceptable character ("5" in the example exploit) it is possible to use commands with more than one field. (eg., "mail me@myhost.tld").
Affected Products
Webglimpse.org glimpsehttp
Short Name
HTTP:CGI:GLIMPSE-PIPE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-1999-0147 Command Execution Glimpse Piped bid:2026
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Webglimpse.org
CVSS Score
7.5