Summary
The SuSE CGI 'sdbsearch.cgi' is installed.
This CGI allows a local (and possibly remote) user to execute arbitrary commands with the privileges of the HTTP server.
Solution
Modify the script so that it filters the HTTP_REFERER variable, or delete the script.
Severity
Classification
CVE: CVE-2001-1130
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P