.N IIS - Vulnerable CGI Scripts #Policy Name .L 2 #Policy structure .D This policy contains rules that detect access to various CGI script programs. #Policy Description .V 1014317409 #Policy revision number .Z 3054 #Policy ID .Z 3054 #Policy ID .R DCForum.cgi Access #Rule Definition ..D Reference: CAN-2000-1132; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 2955 #Rule ID ..K #Rule And Select logic ..V 50 #Rule Value ..S #Select Clause(s) ...G DCForum Select #System Message ....T *dcadmin.cgi* #Regular text ....T *dcboard.cgi* #Regular text ....T *dcforum.cgi* #Regular text ....C 0 #Case sensitivity ....Z 2953 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2954 #ID of the clause .R GBook.cgi Access #Rule Definition ..D Reference: CAN-2000-1131; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 2958 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G GBook Select #System Message ....T *gbook.cgi* #Regular text ....C 0 #Case sensitivity ....Z 2956 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2957 #ID of the clause .R Pollit.cgi Access #Rule Definition ..D Reference: CVE-2000-1068, CVE-2000-1069, CVE-2000-1070; This CGI program contains multiple bugs allowing an attacker to perform virtually any function on the webserver to include aribtrary code executions, administrative changes, and local file reading. #Rule Description ..Z 2961 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Pollit Select #System Message ....T *pollit.cgi* #Regular text ....T *pollit_files* #Regular text ....C 0 #Case sensitivity ....Z 2959 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2960 #ID of the clause .R OpenView5 CGI Access #Rule Definition ..D Reference: CVE-2000-1058; This CGI script contains buffer overflow allowing an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 2964 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G OpenView5.exe Select #System Message ....T *OpenView5.exe?* #Regular text ....C 0 #Case sensitivity ....Z 2962 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2963 #ID of the clause .R Mailfile.cgi Access #Rule Definition ..D Reference: CVE-2000-0977; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 2967 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G mailfile Select #System Message ....T *mailfile.cgi* #Regular text ....C 0 #Case sensitivity ....Z 2965 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2966 #ID of the clause .R WWWBoard Access #Rule Definition ..D Reference: CVE-1999-0953; This CGI script contains a bug that would allow an attacker to read encrypted passwords on the webserver. #Rule Description ..Z 2970 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G WWWBoard Select #System Message ....T *wwwboard* #Regular text ....C 0 #Case sensitivity ....Z 2968 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2969 #ID of the clause .R Websendmail Access #Rule Definition ..D Reference: CVE-1999-0196; This CGI script contains a bug that would allow an attacker to access arbitrary files on the webserver. #Rule Description ..Z 2973 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Websendmail Select #System Message ....T *websendmail* #Regular text ....C 0 #Case sensitivity ....Z 2971 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2972 #ID of the clause .R Anaconda Directory Access #Rule Definition ..D Reference: CVE-2000-0975; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 2976 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Anaconda Select #System Message ....T *apexec.pl* #Regular text ....C 0 #Case sensitivity ....Z 2974 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2975 #ID of the clause .R Info2www Access #Rule Definition ..D Reference: CVE-1999-0266; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 2979 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Info2www Select #System Message ....T *info2www* #Regular text ....C 0 #Case sensitivity ....Z 2977 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2978 #ID of the clause .R Sambar test-cgi Access #Rule Definition ..D Reference: CVE-1999-0070; This CGI script contains a bug that would allow an attacker to list files on the webserver. #Rule Description ..Z 2982 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G test-cgi Select #System Message ....T *test-cgi* #Regular text ....C 0 #Case sensitivity ....Z 2980 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2981 #ID of the clause .R WebSite Uploader.exe #Rule Definition ..D Reference: CVE-1999-0177; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 2985 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Uploader.exe Select #System Message ....T *uploader.exe* #Regular text ....C 0 #Case sensitivity ....Z 2983 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2984 #ID of the clause .R WEBGais CGI Access #Rule Definition ..D Reference: CVE-1999-0176; This CGI script contains a bug that would allow an attacker to execute arbitrary commands on the webserver. #Rule Description ..Z 2988 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G WEBGais Select #System Message ....T */cgi-bin/webgais* #Regular text ....C 0 #Case sensitivity ....Z 2986 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2987 #ID of the clause .R BNBForm CGI Access #Rule Definition ..D Reference: CVE-1999-0937; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 2991 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G BNBForm Select #System Message ....T *bnbform.cgi* #Regular text ....C 0 #Case sensitivity ....Z 2989 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2990 #ID of the clause .R Viewsrc.cgi Access #Rule Definition ..D Reference: CVE-1999-0174; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 2994 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Viewsrc Select #System Message ....T *view-source* #Regular text ....C 0 #Case sensitivity ....Z 2992 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2993 #ID of the clause .R Wguest/Rguest Access #Rule Definition ..D Reference: CAN-1999-0467; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 2997 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Wguest/Rguest Select #System Message ....T */cgi-bin/rguest.exe* #Regular text ....T */cgi-bin/wguest.exe* #Regular text ....C 0 #Case sensitivity ....Z 2995 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2996 #ID of the clause .R Classifieds.cgi Access #Rule Definition ..D Reference: CVE-1999-0934; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 3000 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Classifieds Select #System Message ....T *classifieds.cgi* #Regular text ....C 0 #Case sensitivity ....Z 2998 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 2999 #ID of the clause .R BNBSurvey CGI Access #Rule Definition ..D Reference: CVE-1999-0936; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3003 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G BNBSurvey Select #System Message ....T */survey.cgi* #Regular text ....T *bnbsurvey.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3001 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3002 #ID of the clause .R Win-C-Sample Access #Rule Definition ..D Reference: CVE-1999-0178; This CGI script contains a buffer overflow that would allow an attacker to execute arbitrary commands on the webserver. #Rule Description ..Z 3006 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Win-C-Sample Select #System Message ....T *win-c-sample.exe* #Regular text ....C 0 #Case sensitivity ....Z 3004 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3005 #ID of the clause .R Anyform2 CGI Access #Rule Definition ..D Reference: CVE-1999-0066; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3009 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Anyform2 Select #System Message ....T *AnyForm2* #Regular text ....C 0 #Case sensitivity ....Z 3007 #ID of the clause ..A #Action Clause(s) ...E Reco¤ô¤ôrd to Event Viewer #Record Event ....Z 3008 #ID of the clause .R Way-Board CGI Access #Rule Definition ..D Reference: CAN-2001-0214; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description ..Z 3012 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Way-board Select #System Message ....T */way-board.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3010 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3011 #ID of the clause .R WebPALS CGI Access #Rule Definition ..D Reference: CAN-2001-0217; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 3015 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T */pals-cgi* #Regular text ....C 0 #Case sensitivity ....Z 3013 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3014 #ID of the clause .R Shop.cgi Access #Rule Definition ..D Reference: CVE-2000-0921; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 3018 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Shop.cgi Select #System Message ....T */shop.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3016 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3017 #ID of the clause .R MultiHTML CGI Access #Rule Definition ..D Reference: CAN-2000-0912; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3021 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G MultiHTML Select #System Message ....T *multihtml.pl* #Regular text ....C 0 #Case sensitivity ....Z 3019 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3020 #ID of the clause .R News.cgi Access #Rule Definition ..D Reference: CVE-2000-0720; This CGI script contains a bug that would allow an attacker to modify the authoring privileges in the program. #Rule Description ..Z 3024 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G News.cgi Select #System Message ....T *news.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3022 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3023 #ID of the clause .R Net.Data db2www CGI Access #Rule Definition ..D Reference: CVE-2000-0677; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3027 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G db2www Select #System Message ....T *db2www* #Regular text ....C 0 #Case sensitivity ....Z 3025 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3026 #ID of the clause .R Textcounter CGI Access #Rule Definition ..D Reference: CAN-1999-1479; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3030 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *textcounter.pl* #Regular text ....C 0 #Case sensitivity ....Z 3028 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3029 #ID of the clause .R Agora.cgi Access #Rule Definition ..D Reference: BugTraq ID: 3976; It is possible for a remote attacker to learn the absolute path of the location of this script thus providing information to be used in future attacks. #Rule Description ..Z 3033 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Agora Select #System Message ....T *agora.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3031 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3032 #ID of the clause .R Simplestguest.cgi Access #Rule Definition ..D Reference: CAN-2001-0022; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3036 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Simplestguest Select #System Message ....T *simplestguest.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3034 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3035 #ID of the clause .R Status.cgi Access #Rule Definition ..D Reference: CVE-2000-0056; This CGI script contains a bug that would allow an attacker to cause a Denial of Service to the webserver. #Rule Description ..Z 3039 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Status.cgi Select #System Message ....T *status.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3037 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3038 #ID of the clause .R Simplestmail.cgi Access #Rule Definition ..D Reference: CAN-2001-0024; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description ..Z 3042 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Simplestmail Select #System Message ....T *simplestmail.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3040 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3041 #ID of the clause .R Extropia Webstore CGI Access #Rule Definition ..D Reference: CVE-2000-1005; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 3045 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Web_store Select #System Message ....T *web_store.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3043 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3044 #ID of the clause .R Zml.cgi Access #Rule Definition ..D Reference: BugTraqID: 3759; This CGI script contains a bug that would allow to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description ..Z 3048 #Rule ID ..V 50 #Rule Value ..S #Select Clause(s) ...G Zml CGI Access #System Message ....T *zml.cgi* #Regular text ....C 0 #Case sensitivity ....Z 3046 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3047 #ID of the clause .R MDAC Component Query #Rule Definition ..D Reference: CAN-2002-1142; Microsoft Data Access Components contain a buffer overflow in a Remote Data Services component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control. #Rule Description ..Z 3053 #Rule ID ..K #Rule And Select logic ..V 50 #Rule Value ..S #Select Clause(s) ...G System Message #System Message ....T *POST*/msadc/msadcs.dll/*.Query* #Regular text ....C 0 #Case sensitivity ....Z 3049 #ID of the clause ..A #Action Clause(s) ...E Record to Event Viewer #Record Event ....Z 3052 #ID of the clause