Vulnerability Name:
CVE-1999-1154 (CCN-1400)
Assigned:
1998-11-09
Published:
1998-11-09
Updated:
2017-12-19
Summary:
LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low
CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Mon, 9 Nov 1998 18:26:05 -0600
Several new CGI vulnerabilities
Source: MITRE
Type: CNA
CVE-1999-1153
Source: MITRE
Type: CNA
CVE-1999-1154
Source: MITRE
Type: CNA
CVE-1999-1155
Source: MISC
Type: Vendor Advisory
http://lakeweb.com/scripts/
Source: CCN
Type: OSVDB ID: 11381
LakeWeb Mail List Recipient Address Command Execution
Source: CCN
Type: OSVDB ID: 11382
LakeWeb Filemail Recipient Address Command Execution
Source: CCN
Type: OSVDB ID: 12955
HAMcards Postcard CGI Script Recipient Field Arbitrary Command Execution
Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
19981109 Several new CGI vulnerabilities
Source: XF
Type: UNKNOWN
cgi-perl-mail-programs(1400)
Vulnerable Configuration:
Configuration 1:
cpe:/a:lakeweb:filemail_cgi_script:*:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
OR
cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
OR
cpe:/o:ibm:os2:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*
OR
cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
OR
cpe:/a:novell:netware:*:*:*:*:*:*:*:*
OR
cpe:/o:sco:unix:*:*:*:*:*:*:*:*
OR
cpe:/a:larry_wall:perl:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
OR
cpe:/o:cisco:ios:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
OR
cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8:*:*:*:*:*:*:*:*
lakeweb: filemail cgi script *
ibm: aix *
windriver: bsdos *
hp: hp-ux *
sgi: irix *
linux: linux kernel *
sun: solaris *
ibm: os2 *
microsoft: windows 95 *
data_general: dg ux *
microsoft: windows nt 4.0
microsoft: windows 98 *
novell: netware *
sco: unix *
larry_wall: perl *
microsoft: windows 98se *
microsoft: windows 2000 *
cisco: ios *
microsoft: windows me *
compaq: tru64 *
microsoft: windows xp
apple: mac os *
microsoft: windows 2003_server
microsoft: windows 7 *
microsoft: windows server 2008
microsoft: windows server 2008 - r2
microsoft: windows vista *
microsoft: windows server 2012
microsoft: windows 8 *