[Dshield] OpenWebMail Vulnerabilities?

Tony Earnshaw tonye at billy.demon.nl
Sat Mar 26 16:45:43 GMT 2005

Jon R. Kibler:

> Over the past couple of days we have seen innumerable log entries
> searching for openwebmail.pl, such as below:
>> (HOSTNAME DELETED) - - [23/Mar/2005:11:17:47 -0500] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0" 404 228
> Is there some new vulnerability here? Google gives a bunch of links to a
> 2002/12 problem with v1.71, but does not show anything newer. BTW, most
> (all?) of the scans appear to originate from Asia.

Don't know about openwebmail in particular, but apache_perl as a whole
constitutes a nest of vipers - I disabled it long ago on sites I run and
wouldn't touch it with a bargepole. This was (as you did) due to my
examining logs after having got a load of nasty experiences. I suppose
openwebmail.pl is yet another example of a cgi Perl script that is


