CVE 1999-0883
CVE 1999-0884
There are two vulnerabilities in the Zeus Web Server that, when exploited in combination, can lead to a remote root compromise.
The first is that the Zeus Web Server provides a search CGI program that accepts server filesystem paths as its arguments. As a result, it is possible to display any file to which the server has access. In this way, an attacker can obtain the web server configuration file and, with it, the password hash for the admin user.
The second vulnerability is that the Zeus Web Server administrative interface uses weak encryption for its passwords. Once a password for the admin user is cracked, it is possible to execute arbitrary commands through the web-based configuration interface as root.
Zeus Web Server versions 3.3.1 and 3.3.2 are vulnerable.
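The first flaw is a CGI that trusts a client-supplied filesystem path. The following added example (not Zeus code and not part of the original advisory) sketches the confinement check such a handler needs; the function name, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile

class PathRejected(Exception):
    """Requested path is absolute, malformed, or resolves outside the root."""

def resolve_under_root(root, requested):
    """Return the real path of `requested` only if it stays inside `root`."""
    if "\x00" in requested or os.path.isabs(requested):
        raise PathRejected(requested)
    real_root = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(real_root, requested))
    # commonpath avoids the string-prefix bug (/srv/www vs /srv/www2).
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathRejected(requested)
    return candidate

def demo():
    """Build a constructed document root and classify sample requests."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "docroot")
    os.makedirs(os.path.join(docroot, "docs"))
    os.makedirs(os.path.join(base, "docroot2"))
    # Constructed stand-in for a server configuration file outside the root.
    secret = os.path.join(base, "server.cfg")
    with open(secret, "w") as fh:
        fh.write("admin-hash-placeholder\n")
    with open(os.path.join(docroot, "docs", "index.html"), "w") as fh:
        fh.write("<html></html>\n")
    # A symlink inside the root that points at the file outside it.
    os.symlink(secret, os.path.join(docroot, "docs", "link.cfg"))

    requests = ["docs/index.html", "../server.cfg", "docs/link.cfg",
                "../docroot2/x", "/etc/passwd"]
    results = {}
    for req in requests:
        try:
            resolve_under_root(docroot, req)
            results[req] = "allowed"
        except PathRejected:
            results[req] = "rejected"
    return results

if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:9} {req}")
```

Running the server as an unprivileged user that cannot read its own administrative configuration limits the damage if a check like this is ever missed.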
CVE 2000-0149
If the CGI module option "allow CGIs anywhere" is enabled, a remote attacker could view the contents of CGI scripts that are not located in directories designated as "executable" (e.g., \cgi-bin is an "executable" directory). This vulnerability is exploited by appending
Zeus Web Server versions 3.1.1 through 3.3.5 are vulnerable. Version 3.3.5a is not vulnerable.