SCAN: Mmstdod.cgi Probe
This signature detects access to the mmstdod.cgi script, a common target of vulnerability scans.
Extended Description
A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open() function. Attackers can control the way open() is supposed to work and execute arbitrary commands. These commands will be executed with the privilege level of the CGI script (commonly user 'nobody'). This vulnerability may allow remote attackers to gain interactive 'local' access on the target server.
Affected Products
Endymion mailman_webmail
Short Name
SCAN:MISC:HTTP:MMSTDOD-PROBE
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
CVE-2001-0021 Mmstdod.cgi Probe bid:2063
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Endymion
CVSS Score
10.0