[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PROPOSAL: Cluster 10 - CGI (31 candidates)



-----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Wednesday, June 23, 1999 4:46 PM
To: cve-review@linus.mitre.org
Subject: PROPOSAL: Cluster 10 - CGI (31 candidates)



This Low controversy cluster contains 31 candidates, all having to do
with vulnerabilities in CGI programs.

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g.
reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0066
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution

VOTE: accept, might want to add the reference BUGTRAG
"SECURITY HOLE:  "AnyForm" CGI
http://www.securityfocus.com/bugtraq/

=================================
Candidate: CAN-1999-0070
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server

VOTE: accept

=================================
Candidate: CAN-1999-0146
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-campas

The campas CGI program provided with some NCSA web servers allows an
attacker to read arbitrary files.

VOTE: accept, additional source,
Bugtraq
"Francisco Torres"
http://www.securityfocus.com

=================================
Candidate: CAN-1999-0147
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-glimpse

The aglimpse CGI program of the Glimpse package allows remote
execution of arbitrary commands

VOTE: accept, additional source
AUSCERT Alert AA-97.28
http://www.auscert.org.au
=================================
Candidate: CAN-1999-0148
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-handler

The handler CGI program in IRIX allows arbitrary command execution.

VOTE: accept, additional source
SGI Security Advisory 19970501-02-PX
http://www.sgi.com/Support/security/advisories.html

=================================
Candidate: CAN-1999-0149
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-wrap

The wrap CGI program in IRIX allows arbitrary command execution from
remote users.

VOTE:accept,  additional source
SGI Security Advisory 19970501-02-PX
http://www.sgi.com/Support/security/advisories.html

=================================
Candidate: CAN-1999-0172
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-exe

FormMail CGI program allows remote execution of commands.

VOTE: accept,  additional source
BUGTRAQ
"Security Hole:  FormMail"
http://www.securityfocus.com/bugtraq/1995

=================================
Candidate: CAN-1999-0173
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-use

FormMail CGI program can be used by web servers other than the
host server that the program resides on.

VOTE: noop

=================================
Candidate: CAN-1999-0174
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

The view-source CGI program allows remote attackers to read any file on
the system that is internally accessible by the web server.

VOTE: noop

=================================
Candidate: CAN-1999-0176
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-query

The Webgais program allows a remote user to execute arbitrary
commands.

VOTE: accept,  additional source

BUGTRAQ
"Vulnerability in WEBgais" Razvan Dragomirescu
http://www.securityfocus.com/bugtraq/1997_3/0057.html

=================================
Candidate: CAN-1999-0177
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-uploader

The uploader program in the WebSite web server allows a remote
attacker to execute arbitrary programs.

VOTE: noop

=================================
Candidate: CAN-1999-0178
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-winsample

The win-c-sample program in the WebSite web server has a buffer
overflow that allows remote execution of commands.

VOTE: noop

=================================
Candidate: CAN-1999-0191
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

IIS newdsn.exe CGI script allows remote users to overwrite files.

VOTE: noop

=================================
Candidate: CAN-1999-0196
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-smail

The websendmail program in the Webgais program allows a remote user to
access arbitrary files.

VOTE: accept,  additional source
BUGTRAQ
"Vulnerability in WEBgais" Razvan Dragomirescu
http://www.securityfocus.com/bugtraq/1997_3/0057.htm

=================================
Candidate: CAN-1999-0233
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-iis-cmd

IIS and WebSite allow users to execute arbitrary commands using
..bat or .cmd files.

VOTE: accept

=================================
Candidate: CAN-1999-0236
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-scriptalias

ScriptAlias directory in NCSA and Apache httpd allowed attackers to
read CGI programs.

VOTE: noop

=================================
Candidate: CAN-1999-0237
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-guestbook

Remote execution of arbitrary commands through Guestbook CGI program.

VOTE: accept,  additional source

CERT Vendor Bulletin VB-97-02
http://www.cert.org

=================================
Candidate: CAN-1999-0238
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-phpfileread

php.cgi allows attackers to read any file on the system.

VOTE: accept, additional source
AUSCERT External Security Bulletin ESB-97.047
http://www.auscert.org.au

Candidate: CAN-1999-0253
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-iis-2e

IIS 3.0 allows remote intruders to read source code for ASP programs
by using a "2e" instead of a "." in the URL.

VOTE: noop

=================================
Candidate: CAN-1999-0262
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

faxsurvey CGI script on Linux allows remote command execution via
shell metacharacters.

VOTE: accept

=================================
Candidate: CAN-1999-0264
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

htmlscript CGI program allows remote read access to files.

VOTE: accept

=================================
Candidate: CAN-1999-0268
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

MetaInfo MetaWeb web server allows users to upload and execute scripts.

VOTE: noop

=================================
Candidate: CAN-1999-0269
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Netscape Enterprise servers may list files through the PageServices query.

VOTE: accept

=================================
Candidate: CAN-1999-0270
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

pfdispaly CGI program for SGI's Performer API Search Tool allows read
access to files.

VOTE: accept,  additional source
CIAC Security Bulletin I-041
http://www.ciac.org

=================================
Candidate: CAN-1999-0271
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Progressive Networks Real Video server (pnserver) can be crashed remotely.

VOTE: noop

=================================
Candidate: CAN-1999-0278
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

In IIS, remote attackers can obtain source code for ASP files by appending
"::$DATA" to the URL.

VOTE: accept,  additional source
Microsoft Security Bulletin MS98-003
http://www.microsoft.com/security

=================================
Candidate: CAN-1999-0279
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.01.excite

Excite for Web Servers (EWS) allows remote command execution via
shell metacharacters.

VOTE: accept

=================================
Candidate: CAN-1999-0283
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

The Java Web Server would allow remote users to obtain the source
code for CGI programs.

VOTE: noop

=================================
Candidate: CAN-1999-0347
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan26,1999
Reference: NTBUGTRAQ:Jan28,1999

Javascript bug in Internet Explorer 4.01 by adding %01URL allows
reading local files and spoofing of web pages from other sites.

VOTE: modify, this is a modified Cross-Frame vulnerability that circumvents
the original Cross-Frame Patch.  Addressed in MS Bulletin MS99.012
http://www.microsoft.com/security/bulletins/ms99-012.asp
=================================
Candidate: CAN-1999-0348
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999

IIS ASP caching problem releases sensitive information when two
virtual servers share the same physical directory.

VOTE: accept, additional source
MS KnowledgeBase Article Q197003
http://support.microsoft.com/support/kb/articles/q197/0/03.asp

=================================
Candidate: CAN-1999-0360
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan29,1999
Reference: NTBUGTRAQ:Jan29,1999

MS Site Server 2.0 with IIS 4 can allow users to upload content,
including ASP, to the target web site, thus allowing them to
execute commands remotely.

VOTE: noop

 
Page Last Updated: May 22, 2007