SCAN: Uploader.exe Access
This signature detects access to the uploader.exe CGI program. Attackers can exploit this program to remotely execute arbitrary commands on the Web server.
Extended Description
By default, O'Reilly WebSite Pro installs the following directories on the web root as read accessible by any user: cgi-win cgi-shl cgi-src cgi-temp The program uploader.exe exists in the /cgi-win directory. Any remote user can execute this program by performing a GET request for http://target/cgi-win/uploader.exe. This program will allow the user to upload any file to the remote server.
Affected Products
Oreilly_software website_professional
References
BugTraq: 1611
CVE: CVE-1999-0177
URL: http://www.securityfocus.com/archive/1/79791 http://website.oreilly.com/
Short Name
SCAN:MISC:HTTP:UPLOADER-EXE
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Access CVE-1999-0177 Uploader.exe bid:1611
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Oreilly_software
CVSS Score
7.5