CVE-2000-1225
published 2000-12-31CVE-2000-1225: Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information…
PriorityP415medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.30%
66.8th percentile
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imatix | xitami | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
exploitdb·2000-05-18
CVE-2000-0394 Axent NetProwler 3.0 - IP Packets Denial of Service (2)
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
---
source: https://www.securityfocus.com/bid/1225/info
Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:
(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH
According to Axent Security team, this is not a fragmented packet issue as reported in RFP2K05 By Rain Forest Puppy.
In addition, NetProwler utilizes Microsoft JET engine 3.5 for storing incoming alert information. More information regarding the Microsoft JET engine 3.5 vulnerability can be found at:
https://www.securityfocus.com/bid/286
#include "tcpip.casl"
#include "packets.casl"
Src = pop args;
Dst = pop args;
Src = getip(Src);
Dst
Exploit-DB
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
exploitdb·2000-05-18
CVE-2000-0394 Axent NetProwler 3.0 - IP Packets Denial of Service (1)
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
---
// source: https://www.securityfocus.com/bid/1225/info
Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:
(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH
According to Axent Security team, this is not a fragmented packet issue as reported in RFP2K05 By Rain Forest Puppy.
In addition, NetProwler utilizes Microsoft JET engine 3.5 for storing incoming alert information. More information regarding the Microsoft JET engine 3.5 vulnerability can be found at:
https://www.securityfocus.com/bid/286
/* RFProwl.c - rain forest puppy / wiretrip / [email protected]
Kills NetProwler IDS version 3.0
Y
No writeups or analysis indexed.
2000-12-31
Published