CVE-2001-1241 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2001-1241

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with #! and the desired program name.

Affected Software

Name	Vendor	Start Version	End Version
Un-cgi	Steve_grimm	1.0	1.0
Un-cgi	Steve_grimm	1.1	1.1
Un-cgi	Steve_grimm	1.2	1.2
Un-cgi	Steve_grimm	1.3	1.3
Un-cgi	Steve_grimm	1.4	1.4
Un-cgi	Steve_grimm	1.5	1.5
Un-cgi	Steve_grimm	1.6	1.6
Un-cgi	Steve_grimm	1.6.1	1.6.1
Un-cgi	Steve_grimm	1.6.2	1.6.2
Un-cgi	Steve_grimm	1.7	1.7
Un-cgi	Steve_grimm	1.8	1.8
Un-cgi	Steve_grimm	1.9	1.9

References

http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
http://www.iss.net/security_center/static/6847.php
http://www.midwinter.com/~koreth/uncgi.html
http://www.midwinter.com/~koreth/uncgi-changes.html
http://www.securityfocus.com/bid/3057