Command Execution Vulnerability in Un-CGI by Midwinter
CVE-2001-1241

Currently unrated

Key Information:

Vendor: Steve Grimm
Status: Un-cgi
Vendor: CVE Published:; 17 July 2001

🔔 Create Steve Grimm Vulnerability Alert

What is CVE-2001-1241?

The Un-CGI tool, versions 1.9 and earlier, lacks proper verification of execution bits in CGI scripts before execution. This oversight allows attackers to exploit the system by crafting a malicious document that initiates with '#!' followed by the desired executable program. By manipulating CGI execution, unauthorized individuals can execute arbitrary commands on the server, posing a significant risk to system integrity and security.

References

http://www.midwinter.com/~koreth/uncgi-changes.html

x_refsource_CONFIRM

http://www.iss.net/security_center/static/6847.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3057

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 17, 2001