3 Replies Latest reply on Jun 14, 2011 6:22 PM by cgrim

    10204 - Webcom Guestbook.cgi Arbitrary Command Execution Vulnerability (False Positive?)

      Hi, all

       

      Last FSL update contained this vuln (Update 29, April)

      After update, I found this vuln in my scan result.

      But we don't have this Webcom guestbook.cgi.

      Actually this server dosen't installed any CGI.

      Is this false positive?

      What I miss?

       

      Thanks.

       

      10204 - Webcom Guestbook.cgi Arbitrary Command Execution Vulnerability

      Category: General Vulnerability Assessment -> NonIntrusive -> Web Server

      Risk Level: Medium

      CVE: CVE-1999-0237

      Description

      An arbitrary command execution vulnerability is present in some versions of Webcom Guestbook.cgi.

      Observation

      guestbook.cgi is a specific CGI script which helps to post various mails and digests for a particular topic.

      An arbitrary command execution vulnerability is present in some versions of Webcom Guestbook.cgi