SCAN: Sendform.cgi Access
This signature detects access to the sendform.cgi script, known to contain various directory traversal vulnerabilities.
Extended Description
A vulnerability has been reported for sendform.cgi. Reportedly, sendform.cgi may disclose arbitrary files to remote attackers. The script has an optional feature to send 'blurb files' to the email addresses that are provided on the web form. However, sendform.cgi does not make proper checks for the BlurbFilePath parameter. Thus it is possible for a remote attacker to modify the value of the BlurbFilePath parameter and obtain access to arbitrary files.
Affected Products
Rod_clark sendform.cgi
References
BugTraq: 5286
CVE: CVE-2002-0710
URL: http://www.securiteam.com/securitynews/5VP0V0A7PG.html http://www.iss.net/security_center/static/9725.php
Short Name
SCAN:MISC:HTTP:SENDFORM-ACCESS
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Access CVE-2002-0710 Sendform.cgi bid:5286
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Rod_clark
CVSS Score
6.4