SCAN: dcforum.cgi Access
This signature detects access to the vulnerable dcforum.cgi script in DCScripts DC Forum, 1.0-6.0, which is used to manage Web-based discussion boards. Attackers can gain administrative access to the server.
Extended Description
DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. Additionally, it has been reported that the dcforum.cgi script can be made to delete itself if the attacker attempts to read its source code using this method, effectively permitting a denial-of-service attack.
Affected Products
Dc_scripts dcforum
Short Name
SCAN:MISC:HTTP:DCFORUM-ACCESS
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Access CVE-2000-1132 bid:1951 dcforum.cgi
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Dc_scripts
CVSS Score
6.4