.N Apache - Vulnerable CGI Scripts #Policy Name .L 2 #Policy structure .D This policy contains rules that detect access to various CGI scripts. All of these scripts have possible exploits that will give a user unauthorized access to or heightened priveleges on an Apache Web Server. #Policy Description .V 1021929749 #Policy revision number .Z 5603 #Policy ID .R CSRandomText.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5621 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%52%61%6E%64%6F%6D%54%65%78%74%2E%63%67%69* #Regular text ....T *CSRandomText.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSUpload.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5620 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%55%70%6C%6F%61%64%2E%63%67%69* #Regular text ....T *CSUpload.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSNews.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5619 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%4E%65%77%73%2E%63%67%69* #Regular text ....T *CSNews.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSMailto.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5618 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%4D%61%69%6C%74%6F%2E%63%67%69* #Regular text ....T *CSMailto.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSIncludes.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5617 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%49%6E%63%6C%75%64%65%73%2E%63%67%69* #Regular text ....T *CSIncludes.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSGrid.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5616 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%47%72%69%64%2E%63%67%69* #Regular text ....T *CSGrid.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSFileshare.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5615 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%46%69%6C%65%73%68%61%72%65%2E%63%67%69* #Regular text ....T *CSFileshare.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSFiler.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5614 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%43%53%46%69%6C%65%72%2E%63%67%69* #Regular text ....T *CSFiler.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CsFAQ.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5613 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%73%46%41%51%2E%63%67%69* #Regular text ....T *csFAQ.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R Ad.cgi Request #Rule Definition ..D BugTraq ID 2103: A problem exists in the script that may allow access to restricted resources. #Rule Description ..Z 5485 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%61%64%2E%63%67%69* #Regular text ....T *ad.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5483 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5484 #ID of the clause .R Aglimpse CGI Request #Rule Definition ..D BugTraq ID 2026: The aglimpse script fails to filter the pipe metacharacter, allowing arbitrary command execution. #Rule Description ..Z 5488 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%61%67%6C%69%6D%70%73%65* #Regular text ....T *aglimpse* #Regular text ....C 1 #Case sensitivity ....Z 5486 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5487 #ID of the clause .R Apexec CGI Request #Rule Definition ..D BugTraq ID 2338: A vulnerability exists in apexec.pl which allows a remote user to traverse the filesystem of a target host. This may lead to the disclosure of file and directory contents. #Rule Description ..Z 5491 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%61%70%65%78%65%63%2E%70%6C* #Regular text ....T *apexec.pl* #Regular text ....C 1 #Case sensitivity ....Z 5489 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5490 #ID of the clause .R Auctionweaver CGI Request #Rule Definition ..D BugTraq ID 1630: It is possible to view the contents of any known file residing on a system running auctionweaver.pl. #Rule Description ..Z 5494 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%61%75%63%74%69%6F%6E%77%65%61%76%65%72%2E%70%6C* #Regular text ....T *auctionweaver.pl* #Regular text ....C 1 #Case sensitivity ....Z 5492 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5493 #ID of the clause .R Bb-hist CGI Request #Rule Definition ..D BugTraq ID 1971: Due to insufficient handling of input, it is possible to verify the existance of sensitive files and valid user accounts through the CGI of the Display Server. #Rule Description ..Z 5497 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%62%62%2D%68%69%73%74%2E%73%68* #Regular text ....T *bb-hist.sh* #Regular text ....C 1 #Case sensitivity ....Z 5495 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5496 #ID of the clause .R Bsguest.cgi Request #Rule Definition ..D BugTraq ID 2159: Bsguest.cgi fails to properly filter ';' characters from user-supplied email addresses. As a result, maliciously formed values can cause the script to run arbitrary shell commands with the privilege level of the web server. #Rule Description ..Z 5500 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%62%73%67%75%65%73%74%2E%63%67%69* #Regular text ....T *bsguest.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5498 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5499 #ID of the clause .R Bslist.cgi Request #Rule Definition ..D BugTraq ID 2160: Bslist.cgi fails to properly filter ';' characters from user-supplied email addresses. As a result, maliciously formed values can cause the script to run arbitrary shell commands with the privilege level of the web server. #Rule Description ..Z 5503 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%62%73%6C%69%73%74%2E%63%67%69* #Regular text ....T *bslist.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5501 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5502 #ID of the clause .R Bizdb1-search.cgi Request #Rule Definition ..D BugTraq ID 1104: Bizdb-search.cgi passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the web server. #Rule Description ..Z 5506 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%62%69%7A%64%62%31%2D%73%65%61%72%63%68* #Regular text ....T *bizdb1-search* #Regular text ....C 1 #Case sensitivity ....Z 5504 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5505 #ID of the clause .R Calendar Admin CGI Request #Rule Definition ..D BugTraq ID 1215: Calendar-admin.pl calls open() with user-input in the command string but does not parse the input for metacharacters. It is therefore possible to execute arbitrary commands on the target host by passing "|shell commands|". #Rule Description ..Z 5509 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%61%6C%65%6E%64%61%72%5F%61%64%6D%69%6E%2E%70%6C* #Regular text ....T *calendar_admin.pl* #Regular text ....C 1 #Case sensitivity ....Z 5507 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5508 #ID of the clause .R Cgforum.cgi Request #Rule Definition ..D BugTraq ID 1951: Cgforum.cgi improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver. #Rule Description ..Z 5512 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%67%66%6F%72%75%6D%2E%63%67%69* #Regular text ....T *cgforum.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5510 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5511 #ID of the clause .R Cgiforum CGI Request #Rule Definition ..D BugTraq ID 1963: Cgiforum.pl improperly validates user-supplied input to the "thesection" parameter. As a result, it is possible to remotely view arbitrary files on the host that are readable by user 'nobody'. #Rule Description ..Z 5515 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%67%69%66%6F%72%75%6D%2E%70%6C* #Regular text ....T *cgiforum.pl* #Regular text ....C 1 #Case sensitivity ....Z 5513 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5514 #ID of the clause .R Cnf_gi.htm Request #Rule Definition ..D BugTraq ID 1025: Cnf_gi.htm supports remote management from the web via a system-supplied web server. Users can completely bypass authentication (username and password) by using a specific URL. #Rule Description ..Z 5518 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%6E%66%5F%67%69%2E%68%74%6D* #Regular text ....T *cnf_gi.htm* #Regular text ....C 1 #Case sensitivity ....Z 5516 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5517 #ID of the clause .R Everythingform.cgi Request #Rule Definition ..D BugTraq ID 2101: Everythingform.cgi fails to properly filter shell commands from user-supplied input to the 'config' field. As a result, the script can be made to run arbitrary shell commands with the privilege of the web server. #Rule Description ..Z 5521 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%65%76%65%72%79%74%68%69%6E%67%66%6F%72%6D%2E%63%67%69* #Regular text ....T *everythingform.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5519 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5520 #ID of the clause .R Ezshopper3 CGI Request #Rule Definition ..D BugTraq ID 2109: By requesting a specially crafted URL, it is possible for a remote user to gain read access to various files that reside within the EZShopper directory. #Rule Description ..Z 5524 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%65%7A%73%68%6F%70%70%65%72%33* #Regular text ....T *ezshopper3* #Regular text ....C 1 #Case sensitivity ....Z 5522 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5523 #ID of the clause .R Faqmanager.cgi Request #Rule Definition ..D BugTraq ID 3810: Faqmanager.cgi does not properly filter certain types of input from incoming web requests. It is possible to append a NULL character (%00) to the end of a web request and display the contents of an arbitrary web-readable file. #Rule Description ..Z 5527 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%66%61%71%6D%61%6E%61%67%65%72%2E%63%67%69* #Regular text ....T *faqmanager.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5525 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5526 #ID of the clause .R Ftp CGI Request #Rule Definition ..D BugTraq ID 1471: By submitting a request to ftp.pl containing the special directory traversal characters it is possible to access any directory on the filesystem. #Rule Description ..Z 5530 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%66%74%70%2E%70%6C* #Regular text ....T *ftp.pl* #Regular text ....C 1 #Case sensitivity ....Z 5528 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5529 #ID of the clause .R Formmail CGI Request #Rule Definition ..D BugTraq ID 2080: A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. #Rule Description ..Z 5533 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%66%6F%72%6D%6D%61%69%6C%2E%70%6C* #Regular text ....T *formmail.pl* #Regular text ....C 1 #Case sensitivity ....Z 5531 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5532 #ID of the clause .R Guestbook CGI Request #Rule Definition ..D BugTraq ID 776: When guest book is configured to allow for HTML posts and you have enabled server-side includes for HTML, it may be possible for an attacker to embed SSI (server-side include) code in guestbook messages. #Rule Description ..Z 5536 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%67%75%65%73%74%62%6F%6F%6B%2E%70%6C* #Regular text ....T *guestbook.pl* #Regular text ....C 1 #Case sensitivity ....Z 5534 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5535 #ID of the clause .R Htmlscript CGI Request #Rule Definition ..D BugTraq ID 2001: Htmlscript is vulnerable to a file reading directory traversal attack using relative paths (e.g., "../../../../../../etc/passwd"). #Rule Description ..Z 5539 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%68%74%6D%6C%73%63%72%69%70%74* #Regular text ....T *htmlscript* #Regular text ....C 1 #Case sensitivity ....Z 5537 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5538 #ID of the clause .R Newsdesk.cgi Request #Rule Definition ..D BugTraq ID 2172: Due to a failure to properly remove '/../' sequences from user-supplied input, a malicious remote user may lead the newsdesk.cgi script to improperly reveal the contents of any file on the filesystem. #Rule Description ..Z 5542 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%6E%65%77%73%64%65%73%6B%2E%63%67%69* #Regular text ....T *newsdesk.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5540 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5541 #ID of the clause .R Netauth.cgi Request #Rule Definition ..D BugTraq ID 1587: A remote user is capable of gaining read access to any known file residing on a host running netauth.cgi through directory traversal. #Rule Description ..Z 5545 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%6E%65%74%61%75%74%68%2E%63%67%69* #Regular text ....T *netauth.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5543 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5544 #ID of the clause .R Nph-test-cgi Request #Rule Definition ..D BugTraq ID 686: A security hole exists in the nph-test-cgi script which allows any remote user to easily browse your filesystem via the WWW. #Rule Description ..Z 5548 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%6E%70%68%2D%74%65%73%74%2D%63%67%69* #Regular text ....T *nph-test-cgi* #Regular text ....C 1 #Case sensitivity ....Z 5546 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5547 #ID of the clause .R Pagelog.cgi Request #Rule Definition ..D BugTraq ID 1864: Pagelog.cgi fails to check for '../' sequences in path and filename information supplied by the user. As a result, it is possible for a remote user to display or create files on the web server. #Rule Description ..Z 5551 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%70%61%67%65%6C%6F%67%2E%63%67%69* #Regular text ....T *pagelog.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5549 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5550 #ID of the clause .R Pals-cgi Request #Rule Definition ..D BugTraq ID 2372: A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. #Rule Description ..Z 5554 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%70%61%6C%73%2D%63%67%69* #Regular text ....T *pals-cgi* #Regular text ....C 1 #Case sensitivity ....Z 5552 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5553 #ID of the clause .R Poll_It CGI Request #Rule Definition ..D BugTraq ID 1431: Poll_It relies on a number of internal variables. Any remote user can overwrite these variables by specifying the new value as a variable in the GET request. This can lead to unauthorized file reads or other compromises. #Rule Description ..Z 5557 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%50%6F%6C%6C%5F%49%74%5F%53%53%49%5F%76%32%2E%30%2E%63%67%69* #Regular text ....T *Poll_It_SSI_v2.0.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5555 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5556 #ID of the clause .R Register.cgi Request #Rule Definition ..D BugTraq ID 2157: Due to insufficient checking of input, it is possible to execute system binaries as the effective userid of the web server process. #Rule Description ..Z 5560 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%72%65%67%69%73%74%65%72%2E%63%67%69* #Regular text ....T *register.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5558 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5559 #ID of the clause .R Simpleguest.cgi Request #Rule Definition ..D BugTraq ID 2106: An insecure call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands. #Rule Description ..Z 5563 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%73%69%6D%70%6C%65%67%75%65%73%74%2E%63%67%69* #Regular text ....T *simpleguest.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5561 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5562 #ID of the clause .R Store.cgi Request #Rule Definition ..D BugTraq ID 2385: Requesting a specially crafted URL by way of 'store.cgi', composed of '/../' sequences and appended with '%00' will disclose an arbitrary directory. #Rule Description ..Z 5566 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%73%74%6F%72%65%2E%63%67%69* #Regular text ....T *store.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5564 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5565 #ID of the clause .R Survey.cgi Request #Rule Definition ..D BugTraq ID 1817: Survey.cgi does poor input checking, inappropriately allowing shell metacharacters in user supplied data. This could lead to an elevation of user privileges or the execution of shell commands. #Rule Description ..Z 5569 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%73%75%72%76%65%79%2E%63%67%69* #Regular text ....T *survey.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5567 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5568 #ID of the clause .R Sojourn.cgi Request #Rule Definition ..D BugTraq ID 1052: Sojourn.cgi will accept and follow the '../' string in the variable contents, allowing read access to any .txt file the web server can read. #Rule Description ..Z 5572 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%73%6F%6A%6F%75%72%6E%2E%63%67%69* #Regular text ....T *sojourn.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5570 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5571 #ID of the clause .R Test-cgi Request #Rule Definition ..D BugTraq ID 2003: A security hole exists in the nph-test-cgi script which allows any remote user to easily browse your filesystem via the WWW. #Rule Description ..Z 5575 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%2f%74%65%73%74%2D%63%67%69* #Regular text ....T */test-cgi* #Regular text ....C 1 #Case sensitivity ....Z 5573 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5574 #ID of the clause .R Textcounter CGI Request #Rule Definition ..D BugTraq ID 2265: Due to insufficient checking of entered characters, it is possible for a remote user to input custom formatted strings into the environment variables, which when parsed can make it possible to execute arbitrary commands. #Rule Description ..Z 5578 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%74%65%78%74%63%6F%75%6E%74%65%72%2E%70%6C* #Regular text ....T *textcounter.pl* #Regular text ....C 1 #Case sensitivity ....Z 5576 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5577 #ID of the clause .R Ultraboard.cgi Request #Rule Definition ..D BugTraq ID 1164: Ultraboard.cgi is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the web server has read access to. #Rule Description ..Z 5581 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%75%6C%74%72%61%62%6F%61%72%64%2E%63%67%69* #Regular text ....T *ultraboard.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5579 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5580 #ID of the clause .R Webspirs.cgi Request #Rule Definition ..D BugTraq ID 2362: A remote user could gain read access to known files outside of the root directory where webspirs.cgi resides by requesting a specially crafted URL composed of '../' sequences along with the known filename. #Rule Description ..Z 5584 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%77%65%62%73%70%69%72%73%2E%63%67%69* #Regular text ....T *webspirs.cgi* #Regular text ....C 1 #Case sensitivity ....Z 5582 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5583 #ID of the clause .R Way-Board CGI Request #Rule Definition ..D BugTraq ID 2370: A remote user could gain read access to known files outside of the root directory where Way-Board resides by requesting a specially crafted URL composed of '%00' sequences along with the known filename. #Rule Description ..Z 5587 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%77%61%79%2D%62%6F%61%72%64* #Regular text ....T *way-board* #Regular text ....C 1 #Case sensitivity ....Z 5585 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5586 #ID of the clause .R Www-sql CGI Request #Rule Definition ..D BugTraq ID 2317: The www-sql HTTP database access script fails to authenticate remote users requesting files on the web site protected by .htaccess restrictions under the Apache web server. #Rule Description ..Z 5590 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%77%77%77%2D%73%71%6C* #Regular text ....T *www-sql* #Regular text ....C 1 #Case sensitivity ....Z 5588 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5589 #ID of the clause .R YaBB CGI Request #Rule Definition ..D BugTraq ID 1668: Due to input validation problems in YaBB, relative paths can be specified in . By exploiting this problem, a malicious user can view any file that the web server has access to. #Rule Description ..Z 5593 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%59%61%42%42%2E%70%6C* #Regular text ....T *YaBB.pl* #Regular text ....C 1 #Case sensitivity ....Z 5591 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5592 #ID of the clause .R Penguin Traceroute CGI Request #Rule Definition ..D BugTraq ID 4332: The Penguin traceroute script does not adequately filter special characters. This makes it possible for a remote user to embed commands into a request using special characters such as the ';' or '|' characters. #Rule Description ..Z 5596 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%50%65%6E%67%75%69%6E%20%54%72%61%63%65%72%6F%75%74%65* #Regular text ....T *Penguin?Traceroute* #Regular text ....C 1 #Case sensitivity ....Z 5594 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5595 #ID of the clause .R Ppdscgi CGI Request #Rule Definition ..D BugTraq ID 491: Due to a lack of authentication, remote attackers can display directories dynamically, which will allow unauthenticated access to the data in those directories. #Rule Description ..Z 5599 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%70%70%64%73%63%67%69%2E%65%78%65* #Regular text ....T *ppdscgi.exe* #Regular text ....C 1 #Case sensitivity ....Z 5597 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5598 #ID of the clause .R Rguest CGI Request #Rule Definition ..D BugTraq ID 2024: Rguest is vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access. #Rule Description ..Z 5602 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%72%67%75%65%73%74%2E%65%78%65* #Regular text ....T *rguest.exe* #Regular text ....C 1 #Case sensitivity ....Z 5600 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5601 #ID of the clause .R CsBanner.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5605 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%73%42%61%6E%6E%65%72%2E%63%67%69* #Regular text ....T *csBanner.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5604 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5606 #ID of the clause .R CsCreatePro.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5608 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *%63%73%43%72%65%61%74%65%50%72%6F%2E%63%67%69* #Regular text ....T *csCreatePro.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5607 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5609 #ID of the clause .R CSDownload.cgi Request #Rule Definition ..D BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information. #Rule Description ..Z 5611 #Rule ID ..V 20 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T %43%53%44%6F%77%6E%6C%6F%61%64%2E%63%67%69 #Regular text ....T *CSDownload.cgi* #Regular text ....C 0 #Case sensitivity ....Z 5610 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 5612 #ID of the clause