CVE-2001-1241

Published Jul 17, 2001

Last updated 16 years ago

Overview

Description: Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8EFF837-1B59-450D-B0E9-594093901168"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05272766-A2E1-426B-AE77-3AF64AC7DAC1"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84EBDD40-DA8F-460B-A996-8019C0F719EC"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B61DC67-7988-44C9-A9D4-9A3AEB1CCAFF"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAC08CF8-2899-40EF-B404-7B2A138E0755"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F69BABC-DC25-45E6-B50E-27264C95FD23"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "993399AD-0A50-4DE3-8572-8805D9AEE386"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF7B2908-19AA-49A8-A281-C470DCF159DD"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACC8093D-5A84-4003-8A74-2A12A0A761D9"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03E2D80A-6448-40EC-B33E-1606BB27C319"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17EDF72D-3553-45DC-8E3F-C3B7D2949DFA"
          },
          {
            "criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFFDFDCC-04B6-4DC9-B2FB-1E33FBED2444"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References