Signature Detail

Short Name	SCAN:MISC:HTTP:FORMHANDLER
Severity	Info
Recommended	No
Category	SCAN
Keywords	FormHandler.cgi access
Release Date	2004/12/08
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SCAN: FormHandler.cgi access

This signature detects attempts to access the script ForHandler.cgi. This script has multiple vulnerabilities and is a common target for network vulnerability scanners.

Extended Description

Any file that the FormHandler.cgi has read access to (the cgi is typically run as user 'nobody' on Unix systems) can be specified as an attachment in a reply email. This could allow an attacker to gain access to sensitive files such as /etc/passwd simply by modifying the form document.

Affected Products

Matt Wright FormHandler.cgi 2.0.0

References

BugTraq: 799
CVE: CVE-1999-1050
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1050
URL: http://www.securityfocus.com/bid/798

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SCAN: FormHandler.cgi access

Extended Description

Affected Products

References