Summary
The file VsSetCookie.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit.
Solution
remove it from /cgi-bin.
To manually test the server, you can try:
http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>
With a correctly guessed User Name, you will gain full access to the CGI.
*** As openvas solely relied on the banner of the remote host *** this might be a false positive
Severity
Classification
-
CVE CVE-2002-0236 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities