Summary
An old version of 'Count.cgi' cgi is installed.
It has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root, nobody, www...)
** Note that OVS only checked the version number
Solution
upgrade to wwwcount 2.4 or later.
Severity
Classification
-
CVE CVE-1999-0021 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- ATutor < 1.5.1-pl1 Multiple Flaws
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability