.N IIS - Vulnerable CGI Scripts #Policy Name
.L 2 #Policy structure
.D This policy contains rules that detect access to various CGI script programs. #Policy Description
.V 1014317409 #Policy revision number
.Z 2275 #Policy ID
.Z 2275 #Policy ID
.R DCForum.cgi Access #Rule Definition
..D Reference: CAN-2000-1132; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2199 #Rule ID
..K #Rule And Select logic
..V 50 #Rule Value
..S #Select Clause(s)
...G DCForum Select #System Message
....T *dcadmin.cgi* #Regular text
....T *dcboard.cgi* #Regular text
....T *dcforum.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2197 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2198 #ID of the clause
.R GBook.cgi Access #Rule Definition
..D Reference: CAN-2000-1131; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2205 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G GBook Select #System Message
....T *gbook.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2203 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2204 #ID of the clause
.R Pollit.cgi Access #Rule Definition
..D Reference: CVE-2000-1068, CVE-2000-1069, CVE-2000-1070; This CGI program contains multiple bugs allowing an attacker to perform virtually any function on the webserver, including arbitrary code execution, administrative changes, and local file reading. #Rule Description
..Z 2226 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Pollit Select #System Message
....T *pollit.cgi* #Regular text
....T *pollit_files* #Regular text
....C 0 #Case sensitivity
....Z 2224 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2225 #ID of the clause
.R OpenView5 CGI Access #Rule Definition
..D Reference: CVE-2000-1058; This CGI script contains a buffer overflow allowing an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2223 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G OpenView5.exe Select #System Message
....T *OpenView5.exe?* #Regular text
....C 0 #Case sensitivity
....Z 2221 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2222 #ID of the clause
.R Mailfile.cgi Access #Rule Definition
..D Reference: CVE-2000-0977; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2211 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G mailfile Select #System Message
....T *mailfile.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2209 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2210 #ID of the clause
.R WWWBoard Access #Rule Definition
..D Reference: CVE-1999-0953; This CGI script contains a bug that would allow an attacker to read encrypted passwords on the webserver. #Rule Description
..Z 2271 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G WWWBoard Select #System Message
....T *wwwboard* #Regular text
....C 0 #Case sensitivity
....Z 2269 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2270 #ID of the clause
.R Websendmail Access #Rule Definition
..D Reference: CVE-1999-0196; This CGI script contains a bug that would allow an attacker to access arbitrary files on the webserver. #Rule Description
..Z 2259 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Websendmail Select #System Message
....T *websendmail* #Regular text
....C 0 #Case sensitivity
....Z 2257 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2258 #ID of the clause
.R Anaconda Directory Access #Rule Definition
..D Reference: CVE-2000-0975; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2184 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Anaconda Select #System Message
....T *apexec.pl* #Regular text
....C 0 #Case sensitivity
....Z 2182 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2183 #ID of the clause
.R Info2www Access #Rule Definition
..D Reference: CVE-1999-0266; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2208 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Info2www Select #System Message
....T *info2www* #Regular text
....C 0 #Case sensitivity
....Z 2206 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2207 #ID of the clause
.R Sambar test-cgi Access #Rule Definition
..D Reference: CVE-1999-0070; This CGI script contains a bug that would allow an attacker to list files on the webserver. #Rule Description
..Z 2229 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G test-cgi Select #System Message
....T *test-cgi* #Regular text
....C 0 #Case sensitivity
....Z 2227 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2228 #ID of the clause
.R WebSite Uploader.exe #Rule Definition
..D Reference: CVE-1999-0177; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2262 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Uploader.exe Select #System Message
....T *uploader.exe* #Regular text
....C 0 #Case sensitivity
....Z 2260 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2261 #ID of the clause
.R WEBGais CGI Access #Rule Definition
..D Reference: CVE-1999-0176; This CGI script contains a bug that would allow an attacker to execute arbitrary commands on the webserver. #Rule Description
..Z 2253 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G WEBGais Select #System Message
....T */cgi-bin/webgais* #Regular text
....C 0 #Case sensitivity
....Z 2251 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2252 #ID of the clause
.R BNBForm CGI Access #Rule Definition
..D Reference: CVE-1999-0937; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2190 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G BNBForm Select #System Message
....T *bnbform.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2188 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2189 #ID of the clause
.R Viewsrc.cgi Access #Rule Definition
..D Reference: CVE-1999-0174; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2247 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Viewsrc Select #System Message
....T *view-source* #Regular text
....C 0 #Case sensitivity
....Z 2245 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2246 #ID of the clause
.R Wguest/Rguest Access #Rule Definition
..D Reference: CAN-1999-0467; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2265 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Wguest/Rguest Select #System Message
....T */cgi-bin/rguest.exe* #Regular text
....T */cgi-bin/wguest.exe* #Regular text
....C 0 #Case sensitivity
....Z 2263 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2264 #ID of the clause
.R Classifieds.cgi Access #Rule Definition
..D Reference: CVE-1999-0934; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2196 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Classifieds Select #System Message
....T *classifieds.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2194 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2195 #ID of the clause
.R BNBSurvey CGI Access #Rule Definition
..D Reference: CVE-1999-0936; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2193 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G BNBSurvey Select #System Message
....T */survey.cgi* #Regular text
....T *bnbsurvey.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2191 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2192 #ID of the clause
.R Win-C-Sample Access #Rule Definition
..D Reference: CVE-1999-0178; This CGI script contains a buffer overflow that would allow an attacker to execute arbitrary commands on the webserver. #Rule Description
..Z 2268 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Win-C-Sample Select #System Message
....T *win-c-sample.exe* #Regular text
....C 0 #Case sensitivity
....Z 2266 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2267 #ID of the clause
.R Anyform2 CGI Access #Rule Definition
..D Reference: CVE-1999-0066; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2187 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Anyform2 Select #System Message
....T *AnyForm2* #Regular text
....C 0 #Case sensitivity
....Z 2185 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2186 #ID of the clause
.R Way-Board CGI Access #Rule Definition
..D Reference: CAN-2001-0214; This CGI script contains a bug that would allow an attacker to read arbitrary files on the webserver. #Rule Description
..Z 2250 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Way-board Select #System Message
....T */way-board.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2248 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2249 #ID of the clause
.R WebPALS CGI Access #Rule Definition
..D Reference: CAN-2001-0217; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2256 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T */pals-cgi* #Regular text
....C 0 #Case sensitivity
....Z 2254 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2255 #ID of the clause
.R Shop.cgi Access #Rule Definition
..D Reference: CVE-2000-0921; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2232 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Shop.cgi Select #System Message
....T */shop.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2230 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2231 #ID of the clause
.R MultiHTML CGI Access #Rule Definition
..D Reference: CAN-2000-0912; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2214 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G MultiHTML Select #System Message
....T *multihtml.pl* #Regular text
....C 0 #Case sensitivity
....Z 2212 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2213 #ID of the clause
.R News.cgi Access #Rule Definition
..D Reference: CVE-2000-0720; This CGI script contains a bug that would allow an attacker to modify the authoring privileges in the program. #Rule Description
..Z 2220 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G News.cgi Select #System Message
....T *news.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2218 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2219 #ID of the clause
.R Net.Data db2www CGI Access #Rule Definition
..D Reference: CVE-2000-0677; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2217 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G db2www Select #System Message
....T *db2www* #Regular text
....C 0 #Case sensitivity
....Z 2215 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2216 #ID of the clause
.R Textcounter CGI Access #Rule Definition
..D Reference: CAN-1999-1479; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2244 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *textcounter.pl* #Regular text
....C 0 #Case sensitivity
....Z 2242 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2243 #ID of the clause
.R Agora.cgi Access #Rule Definition
..D Reference: BugTraq ID: 3976; It is possible for a remote attacker to learn the absolute path of the location of this script, thus providing information to be used in future attacks. #Rule Description
..Z 2181 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Agora Select #System Message
....T *agora.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2179 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2180 #ID of the clause
.R Simplestguest.cgi Access #Rule Definition
..D Reference: CAN-2001-0022; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2235 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Simplestguest Select #System Message
....T *simplestguest.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2233 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2234 #ID of the clause
.R Status.cgi Access #Rule Definition
..D Reference: CVE-2000-0056; This CGI script contains a bug that would allow an attacker to cause a Denial of Service to the webserver. #Rule Description
..Z 2241 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Status.cgi Select #System Message
....T *status.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2239 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2240 #ID of the clause
.R Simplestmail.cgi Access #Rule Definition
..D Reference: CAN-2001-0024; This CGI script contains a bug that would allow an attacker to execute arbitrary code on the webserver. #Rule Description
..Z 2238 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Simplestmail Select #System Message
....T *simplestmail.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2236 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2237 #ID of the clause
.R Extropia Webstore CGI Access #Rule Definition
..D Reference: CVE-2000-1005; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2202 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Web_store Select #System Message
....T *web_store.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2200 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2201 #ID of the clause
.R Zml.cgi Access #Rule Definition
..D Reference: BugTraq ID: 3759; This CGI script contains a bug that would allow an attacker to read arbitrary files via a .. (dot dot) Directory Traversal attack. #Rule Description
..Z 2274 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G Zml CGI Access #System Message
....T *zml.cgi* #Regular text
....C 0 #Case sensitivity
....Z 2272 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 2273 #ID of the clause