Summary
The file VsSetCookie.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit.
Solution
remove it from /cgi-bin.
To manually test the server, you can try:
http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>
With a correctly guessed User Name, you will gain full access to the CGI.
*** As openvas solely relied on the banner of the remote host *** this might be a false positive
Severity
Classification
-
CVE CVE-2002-0236 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- b2Evolution title SQL Injection