Back to search
CVE-2001-1241
Published: May 3, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.midwinter.com/~koreth/uncgi-changes.html
x_refsource_CONFIRM
uncgi-unexecutable-cgi(6847)
vdb-entry
x_refsource_XF
3057
vdb-entry
x_refsource_BID
20010718 Re: [Khamba Staring <[email protected]>] multiple
mailing-list
x_refsource_BUGTRAQ
http://www.midwinter.com/~koreth/uncgi.html
x_refsource_CONFIRM
20010717 multiple vulnerabilities in un-cgi
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now