• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • CERT:CA-96.11
Assigning CNA
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20000114-01)
Votes (Legacy)
ACCEPT(2) Northcutt, Wall
MODIFY(1) Frech
NOOP(1) Baker
REVIEWING(1) Christey
Comments (Legacy)
 Christey> What is the right level of abstraction to use here?  Should
   we combine all possible interpreters into a single entry,
   or have a different entry for each one?  I've often seen
   Perl separated from other interpreters - is it included
   by default in some Windows web server configurations?
 Christey> Add tcsh, zsh, bash, rksh, ksh, ash, to support search.
 Frech> XF:http-cgi-vuln(146)

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.