Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SCAN:MISC:HTTP:DCFORUM-ACCESS

Severity

 Info

Recommended

 No

Category

 SCAN

Keywords

 dcforum.cgi Access

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SCAN: dcforum.cgi Access


This signature detects access to the vulnerable dcforum.cgi script in DCScripts DC Forum, 1.0-6.0, which is used to manage Web-based discussion boards. Attackers can gain administrative access to the server.

Extended Description

DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. Additionally, it has been reported that the dcforum.cgi script can be made to delete itself if the attacker attempts to read its source code using this method, effectively permitting a denial-of-service attack.

Affected Products

  • DC Scripts DCForum 1.0.0
  • DC Scripts DCForum 2.0.0
  • DC Scripts DCForum 3.0.0
  • DC Scripts DCForum 4.0.0
  • DC Scripts DCForum 5.0.0
  • DC Scripts DCForum 6.0.0

References

  • BugTraq: 1951
  • CVE: CVE-2000-1132
  • URL: http://www.dcscripts.com/dcforum.shtml

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out