This application requires Javascript for optimal performance.

csSearch.Setup.Remote.Command.Execution

Alias(es)

CGI.csSearch.Command.Execution

Release Date

Sep 11, 2006

Severity

high

Impact

Attackers can execute arbitrary perl commands on the victim system.

Description

It indicates an attempt to execute potentially damaging command via CGISCRIPT.NET csSearch.cgi program.


csSearch is a website search script. Due to inadequate input checking, a remote attacker can execute arbitrary Perl code on a target system by sending it a specially-crafted message.



Affected Products

Any unprotected csSearch 2.3 or earlier version is vulnerable to the attack.






Recommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.




Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2002-0495

Reference/s

http://www.securityfocus.com/bid/4368 (BugTraq)

Reference: VID-12408