| Short Name | HTTP:CGI:CVSWEB-CGI-SEMICOLON |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | CVSWEB cvsweb.cgi ';' Exploit |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the cvsweb.cgi script, which Web servers use to display and manage the Concurrent Versions System (CVS) tree. Attackers can use maliciously crafted arguments to remotely execute arbitrary shell commands on the server.

Cvsweb 1.80 makes an insecure call to the Perl `open` function, giving attackers who have write access to a CVS repository the ability to execute arbitrary commands on the host machine. Because the command is passed as a single string, the shell parses the file names as part of the command line. The code being exploited is the following: `open($fh, "rlog '$filenames' 2>/dev/null |")`
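
The call quoted above hands `$filenames` to a shell. As an added example (not cvsweb's code and not a vendor fix), the same pipe read can be done with an argument vector so that no shell parses the names. `read_from_command` is a hypothetical helper, the file name is constructed, and `echo` stands in for `rlog` so the script runs without RCS installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (added example, not cvsweb code).
# Runs $cmd with @args as an argument vector: no shell ever parses the
# names, so quotes and semicolons in a file name stay literal data.
sub read_from_command {
    my ($cmd, @args) = @_;

    # Reject names the program itself could misread as options, and NULs.
    for my $arg (@args) {
        die "refusing suspicious file name\n"
            if $arg =~ /\A-/ || $arg =~ /\0/;
    }

    # Implicit fork: the parent gets a read handle on the child's STDOUT.
    my $pid = open(my $fh, '-|');
    die "fork failed: $!\n" unless defined $pid;

    if ($pid == 0) {
        # Child: this replaces the shell's "2>/dev/null" redirection.
        open(STDERR, '>', '/dev/null') or exit 127;
        # Indirect-object form of exec never falls back to a shell.
        exec { $cmd } $cmd, @args;
        exit 127;    # only reached if exec failed
    }

    my @lines = <$fh>;
    close($fh);      # reaps the child; its exit status is left in $?
    return @lines;
}

# Constructed input: a name carrying the quote and semicolon characters
# that the signature keys on.
my @filenames = ("odd';'name,v");

# 'echo' stands in for rlog here; the name is printed back unchanged.
print read_from_command('echo', @filenames);
```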