Intrusion Prevention

HTTP.CGI.Uploader.exe.Access

Description

It indicates a possible exploit of a File Upload vulnerability in OReilly WebSite Pro 2.3.7


OReilly WebSite Pro 2.3.7 ships with a uploader.exe program which allows remote users to upload and execute arbitrary files. By default, it can be run by any user.

Affected Products

OReilly Software WebSite Professional 2.3.7

Impact

Allow an attacker to upload and execute arbitrary files to the system.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2000-0769 CVE-1999-0177