vendor:
Irix
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Irix
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1998
Silicon Graphics Irix cgi-bin handler Vulnerability
A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute arbitrary commands on the vulnerable host as the user the web server is running as. This can easily result in a user being able to access the system. An attacker can use telnet to send a GET request to the vulnerable host with a command appended to the end of the URL. The command will be executed on the vulnerable host.
Mitigation:
Upgrade to a version of Irix that does not contain the vulnerable cgi-bin handler program.