The MetaInfo MetaWeb web server is a legacy content management system that allows users to upload, execute, and read scripts. This vulnerability enables attackers to exploit the system by uploading malicious scripts, which can lead to arbitrary code execution on the server.
You're affected if you use MetaInfo MetaWeb version 1.x or earlier. To check if your installation is vulnerable, run the following command: find / -name "metainfo*.bin" 2>/dev/null (Note that this command may not work on all systems and should be adapted to your specific environment.)
This vulnerability is distinct from other web server vulnerabilities like Apache HTTP Server or Nginx. If you don't recognize MetaInfo MetaWeb, you're almost certainly not affected.
To fix the vulnerability, upgrade to a newer version of MetaInfo MetaWeb that is no longer supported or patched. Unfortunately, there are no publicly available patches for this software.
Immediate mitigations include: