Signature Detail

Short Name	SCAN:MISC:HTTP:SENDFORM-ACCESS
Severity	Info
Recommended	No
Category	SCAN
Keywords	Sendform.cgi Access
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SCAN: Sendform.cgi Access

This signature detects access to the sendform.cgi script, known to contain various directory traversal vulnerabilities.

Extended Description

A vulnerability has been reported for sendform.cgi. Reportedly, sendform.cgi may disclose arbitrary files to remote attackers. The script has an optional feature to send 'blurb files' to the email addresses that are provided on the web form. However, sendform.cgi does not make proper checks for the BlurbFilePath parameter. Thus it is possible for a remote attacker to modify the value of the BlurbFilePath parameter and obtain access to arbitrary files.

Affected Products

Rod Clark sendform.cgi 1.4.0
Rod Clark sendform.cgi 1.4.1
Rod Clark sendform.cgi 1.4.2
Rod Clark sendform.cgi 1.4.3
Rod Clark sendform.cgi 1.4.4

References

BugTraq: 5286
CVE: CVE-2002-0710
URL: http://www.securiteam.com/securitynews/5VP0V0A7PG.html
URL: http://www.iss.net/security_center/static/9725.php

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SCAN: Sendform.cgi Access

Extended Description

Affected Products

References