Sawmill Discussion Forum

Subject: "Vulnerability assessment" Archived thread - Read only
Support Topic #425
MadMax
Member since Jul-31-02
1 posts
Jul-31-02, 08:35 AM (PDT)
"Vulnerability assessment"

I work at a provider. I am testing your product, but when carrying out the vulnerability tests I obtained:

unknown (8987/tcp)
High

ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.

Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
unknown (8987/tcp)
High
The 'guestbook.pl' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.

Risk factor : Serious
CVE : CVE-1999-0237
unknown (8987/tcp)
High
The 'wwwwais' CGI is installed. This CGI has
a well known security flaw that lets an attacker execute arbitrary
commands with the privileges of the http daemon (usually root or nobody).

*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.

Solution : remove it from /cgi-bin.

Risk factor : Serious
CVE : CAN-2001-0223
unknown (8987/tcp)
High
The CGI /pbserver/pbserver.dll is subject to a buffer
overflow attack that allows an attacker to execute
arbitrary commands on this host.

*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.

Solution : See http://www.microsoft.com/technet/security/bulletin/ms00-094.asp
Risk factor : High
unknown (8987/tcp)
High

There may be a buffer overrun in
the 'cgitest.exe' CGI program, which will allow anyone to
execute arbitrary commands with the same privileges as the
web server (root or nobody).

*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.

Solution : remove it from /cgi-bin.

Risk factor : Serious
CVE : CVE-2000-1171
unknown (8987/tcp)
High

The remote web server appears to be running with
Frontpage extensions and lets the file 'authors.pwd'
to be downloaded by everyone.

This is a security concern since this file contains
sensitive data.

Solution : Contact Microsoft for a fix.

Risk factor : Medium
CVE : CVE-1999-0386
unknown (8987/tcp)
High

The web server is probably susceptible to a common IIS vulnerability discovered by
'Rain Forest Puppy'. This vulnerability enables an attacker to execute arbitrary
commands on the server with Administrator Privileges.

See Microsoft security bulletin (MS99-025) for patch information.
Also, BUGTRAQ ID 529 on www.securityfocus.com (http://www.securityfocus.com/bid/529)

Risk factor : High
CVE : CVE-1999-1011
unknown (8987/tcp)
High

The script /cart/cart.cgi is present.

If this shopping cart system is the Dansie
Shopping Cart, and if it is older than version 3.0.8
then it is very likely that it contains a backdoor
which allows anyone to execute arbitrary commands on this system.

Solution : use another cart system
Risk factor : High
CVE : CVE-2000-0252
unknown (8987/tcp)
High
The 'ping.asp' CGI is installed. Some versions
allows a cracker to launch a ping flood against your
machine or another by entering
'127.0.0.1 -l 65000 -t' in the Address field.

Solution : remove it.

Risk factor : Serious
unknown (8987/tcp)
High
The 'campas' cgi is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.

Risk factor : Serious
CVE : CVE-1999-0146
unknown (8987/tcp)
High
The 'Perl' CGI is installed and can be launched
as a CGI. This is equivalent to giving a free shell to an attacker, with the
http server privileges (usually root or nobody).

Solution : remove it from /cgi-bin

Risk factor : Serious
CVE : CAN-1999-0509
unknown (8987/tcp)
High


BizDB is a web database integration product
using Perl CGI scripts. One of the scripts,
bizdb-search.cgi, passes a variable's
contents to an unchecked open() call and
can therefore be made to execute commands
at the privilege level of the webserver.

The variable is dbname, and if passed a
semicolon followed by shell commands they
will be executed. This cannot be exploited
from a browser, as the software checks for
a referrer field in the HTTP request. A
valid referrer field can however be created
and sent programmatically or via a network
utility like netcat.

see also : http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm

Risk factor : Serious
CVE : CVE-2000-0287
unknown (8987/tcp)
High

The dll '/_vti_bin/_vti_aut/dvwssr.dll' seems to be present.

This dll contains a bug which allows anyone with
authoring web permissions on this system to alter
the files of other users.

In addition to this, this file is subject to a buffer overflow
which allows anyone to execute arbitrary commands on the
server and/or disable it

Solution : delete /_vti_bin/_vti_aut/dvwssr.dll
Risk factor : High
See also : http://www.wiretrip.net/rfp/p/doc.asp?id=45&iface=1
CVE : CVE-2000-0260
unknown (8987/tcp)
High
It is possible to read
any file on the remote system by prepending
several dots before the file name.

Example :

GET ........../config.sys

Solution : Disable this service and install
a real Web Server.

Risk factor : High
CVE : CVE-1999-0386
unknown (8987/tcp)
Low
For your information, here is the list of CGIs
that are used by the remote host, as well as their arguments :

Syntax: cginame (arguments )

/sawmill6.3.9 ( rfcf i ip cgionly_scriptsubmit cgionly_savepasswordcookie cgionly_authentication_username cgionly_authentication_password finish )
unknown (8987/tcp)
Low
a web server is running on this port
unknown (8987/tcp)
Low
Your website allows read access to the CVS/Entries file.
This exposes all file names in your CVS module on your website.
Change your website permissions to deny access to your CVS directory.
Entries contains the following: 0
unknown (8987/tcp)
Low
The cgi 'dumpenv.pl' is installed. This
CGI gives away too much information about the web server
configuration, which will help an attacker.

Solution : remove it from /cgi-bin.

Risk factor : Low
CVE : CAN-1999-1178
unknown (8987/tcp)
Low
The 'printenv' CGI is installed.
printenv normally returns all environment variables.

This gives an attacker valuable information about the
configuration of your web server.

Solution : Remove it from /cgi-bin.

Risk factor : Medium

ferraradmin
Member since Sep-5-01
2649 posts
Jul-31-02, 03:53 PM (PDT)
1. "RE: Vulnerability assessment"
In response to message #0
 
Well, all I can say is: this report is pure hogwash, front to back. Sawmill does start a web server on port 8987 (that's the only accurate thing in the report), but it uses its own highly specialized web server. It doesn't do CGI, Perl, servlets, Frontpage, executables, or any of the other features claimed to be vulnerable by this vulnerability testing program. It looks like the program does some simple HTTP queries against a web server, and decides that it's vulnerable when certain conditions are met; for instance, it tried to access certain named CGI programs, and reports the server as vulnerable if the error isn't of the format it expects. This probably does reliably assess vulnerability of IIS and Apache web servers, but it's not going to work with a tiny special-purpose web server like Sawmill's. The program gets confused because it doesn't recognize Sawmill's response, and spits out a bunch of erroneous warnings.

There are no known vulnerabilities in Sawmill. There may be *unknown* vulnerabilities, but not any of the ones below, which are all publicly-known vulnerabilities of major web servers, which would not apply to Sawmill.

-
Greg Ferrar, Sawmill Product Manager
support@sawmill.net
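The reply above describes why the scanner misfires: it requests well-known CGI paths and treats anything other than the error format it expects as "present", so a single-purpose server that answers every path with the same page trips every check. The following is an added example for triaging such findings; it is not Sawmill's code and not part of the original thread. It compares the response for each reported path against a baseline request for a random path that cannot exist, and only keeps a finding when the two responses differ. The server functions (`single_page_server`, `classic_server`, `soft404_server`) are constructed stand-ins that run offline; real use would replace the fetcher with an HTTP client.

```python
"""Triage a scanner's 'CGI X is present' findings for false positives.

Added example, not Sawmill's code: the scanner heuristic described in the thread
reports a path as present whenever the reply is not a recognisable error. The
baseline-aware check first asks for a path that certainly does not exist and
counts a finding only when the candidate response differs from that baseline.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Response:
    status: int
    body: bytes


# A fetcher maps a request path to a Response; real code would wrap an HTTP client.
Fetcher = Callable[[str], Response]


def naive_present(fetch: Fetcher, path: str) -> bool:
    """The heuristic described in the reply: anything other than a 404 means 'present'."""
    return fetch(path).status != 404


def _normalise(body: bytes, path: str) -> bytes:
    """Mask the requested path so soft-404 pages that echo it compare equal."""
    return body.replace(path.encode(), b"<PATH>")


def baseline_aware_present(fetch: Fetcher, path: str) -> bool:
    """Report 'present' only when the server treats `path` differently from a
    random path that certainly does not exist on it."""
    sentinel = f"/fp-check-{secrets.token_hex(8)}"  # constructed name, cannot exist
    baseline = fetch(sentinel)
    candidate = fetch(path)
    if candidate.status == 404:
        return False
    same_status = candidate.status == baseline.status
    same_body = _normalise(candidate.body, path) == _normalise(baseline.body, sentinel)
    # Identical answer for the reported path and an impossible one: the server
    # is not telling us anything about `path`, so the finding is a false positive.
    return not (same_status and same_body)


def triage(fetch: Fetcher, findings: List[str]) -> Dict[str, str]:
    """Label each scanner finding 'confirmed' or 'false positive'."""
    return {p: ("confirmed" if baseline_aware_present(fetch, p) else "false positive")
            for p in findings}


# --- Constructed stand-in servers (no network involved) ----------------------

def single_page_server(path: str) -> Response:
    """Like the special-purpose server in the reply: every path gets the same 200 page."""
    return Response(200, b"<html><title>Log analysis login</title></html>")


_REAL_FILES = {"/cgi-bin/printenv": b"SERVER_SOFTWARE=example/1.0\n"}  # constructed


def classic_server(path: str) -> Response:
    """A conventional server: a real 404 for unknown paths."""
    if path in _REAL_FILES:
        return Response(200, _REAL_FILES[path])
    return Response(404, b"<h1>Not Found</h1>")


def soft404_server(path: str) -> Response:
    """Answers unknown paths with a 200 page that echoes the path (soft 404)."""
    if path in _REAL_FILES:
        return Response(200, _REAL_FILES[path])
    return Response(200, f"<h1>Sorry, {path} was not found</h1>".encode())


if __name__ == "__main__":
    report = ["/cgi-bin/printenv", "/cgi-bin/guestbook.pl", "/cgi-bin/campas"]
    for name, srv in [("single-page", single_page_server),
                      ("classic", classic_server),
                      ("soft-404", soft404_server)]:
        print(name, triage(srv, report))
```

Against the single-page server every reported CGI comes back as a false positive, which matches the reply's explanation; against the conventional server only the path that really exists is confirmed, and the soft-404 server shows why the body comparison has to mask the requested path before comparing.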


Copyright © 2005 by Flowerfire