Intrusion Prevention

WWWCount.FileDisclosure

Description

It indicates a file disclosure vulnerability in wwwcount count.cgi program.


Count.cgi is a popular CGI program that displays the number of raw hits on Web pages as an in-line image. There exists a vulnerability in the count.cgi program that allows remote attackers to view any GIF file on the target system by submitting a specially-crafted URL.

Affected Products

Any unprotected count.cgi 2.3 is vulnerable to the attack.

Impact

Attackers can view any GIF image on infected systems

Recommended Actions

Remove the count.cgi program from the cgi-bin directory if it is not used.


Upgrade the program to the latest non-vulnerable version.

CVE References

CVE-1999-0021

Other References

1 1