CVE

Id
3375  
CVE No.
CVE-2001-0562  
Status
Candidate  
Description
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.  
Phase
Proposed (20010727)  
Votes
ACCEPT(3) Cole, Frech, Ziese | NOOP(4) Bishop, Christey, Foat, Wall  
Comments
Frech> CONFIRM:http://www.gadnet.com/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1 | 5&t=000008 | Statement of fix is ambiguous: A major security flaw in the scripts | has now been fixed. For obvious reasons the details of the flaw will | not be posted here. | Site lists their product as A1-Stats, not A1Stats as in description. | CHANGE> [Bishop changed vote from REVIEWING to NOOP] | Christey> The URL recommended by Andre is *probably* addressing this | problem, but it"s not quite certain. There is insufficient | detail to determine if the vendor has truly acknowledged the | problem. I have an email to a1stats@gadnet.com to see | if I can confirm. | | This is affected by CD:SF-EXEC since multiple executables in the same | package are affected (a1disp.cgi, a1disp2.cgi, a1disp4.cgi, and | a1disp3.cgi). | Christey> Received confirmation via email, 2/26/2002.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
14566 3375 CVE-2001-0562 BUGTRAQ:20010507 Advisory for A1Stats  View
14567 3375 CVE-2001-0562 URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html  View
14568 3375 CVE-2001-0562 BID:2705  View
14569 3375 CVE-2001-0562 URL:http://www.securityfocus.com/bid/2705  View
14570 3375 CVE-2001-0562 XF:a1stats-a1admin-dos(6505)  View

Related JVN