Last Modified: Oct. 18, 2016
perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Exploitability Score: 10.0
Impact Score: 2.9
CVSS V2: AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD-CWE-Other
['alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( msg:"SERVER-WEBAPP perlshop.cgi access"; flow:to_server,established; http_uri; content:"/perlshop.cgi",fast_pattern,nocase; metadata:ruleset community; service:http; reference:cve,1999-1374; classtype:attempted-recon; sid:840; rev:19; )\n', '# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP perlshop.cgi access"; flow:to_server,established; content:"/perlshop.cgi"; fast_pattern:only; http_uri; metadata:ruleset community, service http; reference:cve,1999-1374; classtype:attempted-recon; sid:840; rev:19;)\n']
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:arpanet:perlshop:*:*:*:*:*:*:*:* Part: a Vendor: arpanet | Alle Schwachstellen für arpanet | |
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:arpanet:perlshop:*:*:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="range" value="remote"/>
</set>
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:arpanet:perlshop:*:*:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="data" value="any"/>
<prop key="data_influence" value="read"/>
<prop key="range" value="remote"/>
</set>