CVE-2001-1241 - OpenCVE

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Steve Grimm	Un-cgi

Configuration 1 [-]

OR	cpe:2.3:a:steve_grimm:un-cgi:1.0:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.1:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.2:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.3:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.4:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.5:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.6:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.6.1:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.6.2:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.7:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.8:::::::*
	cpe:2.3:a:steve_grimm:un-cgi:1.9:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
http://www.iss.net/security_center/static/6847.php
http://www.midwinter.com/~koreth/uncgi-changes.html
http://www.midwinter.com/~koreth/uncgi.html
http://www.securityfocus.com/bid/3057

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2024-08-08T04:51:07.103Z

Reserved: 2002-05-01T00:00:00

Link: CVE-2001-1241

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2001-07-17T04:00:00.000

Modified: 2008-09-10T19:10:01.180

Link: CVE-2001-1241

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with \"#!\" and the desired program name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.midwinter.com/~koreth/uncgi-changes.html"}, {"name": "uncgi-unexecutable-cgi(6847)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/6847.php"}, {"name": "3057", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3057"}, {"name": "20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.midwinter.com/~koreth/uncgi.html"}, {"name": "20010717 multiple vulnerabilities in un-cgi", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with \"#!\" and the desired program name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.midwinter.com/~koreth/uncgi-changes.html", "refsource": "CONFIRM", "url": "http://www.midwinter.com/~koreth/uncgi-changes.html"}, {"name": "uncgi-unexecutable-cgi(6847)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/6847.php"}, {"name": "3057", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3057"}, {"name": "20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html"}, {"name": "http://www.midwinter.com/~koreth/uncgi.html", "refsource": "CONFIRM", "url": "http://www.midwinter.com/~koreth/uncgi.html"}, {"name": "20010717 multiple vulnerabilities in un-cgi", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:51:07.103Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.midwinter.com/~koreth/uncgi-changes.html"}, {"name": "uncgi-unexecutable-cgi(6847)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/6847.php"}, {"name": "3057", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3057"}, {"name": "20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.midwinter.com/~koreth/uncgi.html"}, {"name": "20010717 multiple vulnerabilities in un-cgi", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1241", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T04:51:07.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8EFF837-1B59-450D-B0E9-594093901168", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "05272766-A2E1-426B-AE77-3AF64AC7DAC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "84EBDD40-DA8F-460B-A996-8019C0F719EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B61DC67-7988-44C9-A9D4-9A3AEB1CCAFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAC08CF8-2899-40EF-B404-7B2A138E0755", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F69BABC-DC25-45E6-B50E-27264C95FD23", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "993399AD-0A50-4DE3-8572-8805D9AEE386", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF7B2908-19AA-49A8-A281-C470DCF159DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ACC8093D-5A84-4003-8A74-2A12A0A761D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "03E2D80A-6448-40EC-B33E-1606BB27C319", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "17EDF72D-3553-45DC-8E3F-C3B7D2949DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:steve_grimm:un-cgi:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFFDFDCC-04B6-4DC9-B2FB-1E33FBED2444", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with \"#!\" and the desired program name."}], "id": "CVE-2001-1241", "lastModified": "2008-09-10T19:10:01.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-07-17T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/6847.php"}, {"source": "cve@mitre.org", "url": "http://www.midwinter.com/~koreth/uncgi-changes.html"}, {"source": "cve@mitre.org", "url": "http://www.midwinter.com/~koreth/uncgi.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3057"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}