1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP FormMail Cmd Exec

HTTP FormMail Cmd Exec

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects an attempt to execute arbitrary commands using Matt Wright's FormMail CGI program.

Additional Information

Matt Wright's FormMail is a web-based e-mail gateway.
In versions 1.9 and earlier, the "recipient" hidden field is not checked for the semi-colon(;), the shell command separation character, enabling an attacker to execute arbitrary command remotely.

Affected

  • Matt Wright FormMail 1.0

Response

Upgrade to the latest version of FormMail
http://www.scriptarchive.com/download.cgi?s=formmail
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube