PT-2002-3077 · Swais · Simple Wais

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-2365

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Simple WAIS (SWAIS) version 1.11

Description The issue allows remote attackers to execute arbitrary commands by using shell metacharacters in the search field. This can be achieved by utilizing characters such as the "|" (pipe) character.

Recommendations For Simple WAIS (SWAIS) version 1.11, consider restricting access to the search field to prevent the execution of arbitrary commands until a patch is available. As a temporary workaround, avoid using shell metacharacters, such as the "|" (pipe) character, in the search field.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2002-2365

Produtos afetados

Simple Wais

PT-2002-3077 · Swais · Simple Wais

CVE-2002-2365

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4