|
Family: CGI abuses --> Category: infos
PGPMail.pl detection Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of PGPMail.pl
Detailed Explanation for this Vulnerability Test
The 'PGPMail.pl' CGI is installed.
Some versions (up to v1.31 a least) of this CGI do not
properly filter user input before using it inside commands.
This would allow a cracker to run any command on your server.
*** Note: Nessus just checked the existence of this CGI
*** but did not try to exploit the flaws.
Solution : remove it from /cgi-bin or upgrade it.
Reference : http://online.securityfocus.com/archive/82/243262
Reference : http://online.securityfocus.com/archive/1/243408
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|