SCAN: Architext_query.pl Access
This signature detects attempts to exploit the architext_query.pl script vulnerability in the Excite for Web Server package. Attackers can send a semi-colon as an argument to the script, followed by the shell command to execute arbitrary shell commands.
Extended Description
Excite for Web Servers, version 1.1, for Unix and Windows NT platforms, is a search engine software suite. A vulnerability in one of the scripts, architext_query.pl, allows a remote attacker to execute arbitrary commands with the privileges of the web server. Specific details of how this can be accomplished are not currently known by SecurityFocus staff, although it has been suggested that this is a shell metacharacter (eg., the pipe character) filtering issue (see CVE). Consequences of successful exploitation could include web site defacement, elevation of privileges by exploiting locally accessible vulnerabilities, etc.
Affected Products
Excite excite_for_web_servers
References
BugTraq: 2248
CVE: CVE-1999-0279
URL: http://www.insecure.org/sploits/excite_for_web_servers_cgi.html
Short Name
SCAN:MISC:HTTP:ARCHITEXT-QUERY
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Access Architext_query.pl CVE-1999-0279 bid:2248
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Excite
CVSS Score
7.5