Alias(es) | CGI.Ad.CGI.Restricted.Resource.Access.A, CGI.Ad.CGI.Restricted.Resource.Access.B |
Release Date | Sep 11, 2006 |
Severity | low |
Impact | Attackers can remotely execute commands on the victim system. |
Description | This indicates an attempt to execute a potentially malicious command via the ad.cgi program. Due to insufficient input validation, a remote attacker can execute arbitrary commands on a target system via shell metacharacters. |
Affected Products | Any installation of Leif Wright ad.cgi 1.0 is vulnerable to the attack. |
Recommended Actions | If a FortiGate with FortiOS 2.80 or above is used and ad.cgi is not used in the environment, select Drop Session as the default action for the signature. Remove the ad.cgi file if it is not absolutely needed. Upgrade the program to the latest non-vulnerable version. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2001-0025 |
Reference/s | http://www.securityfocus.com/bid/2103 (BugTraq) |