OmniHTTPd is web server software that was widely used on older versions of Windows. This vulnerability allows remote attackers to execute commands by sending malicious HTTP requests to the server.
You're affected if you use OmniHTTPd version 4.0 or earlier. Check with: dir /s /b C:\omnihttpd.exe (Note: This command is specific to Windows systems, and its applicability might vary on other platforms.)
Upgrade to OmniHTTPd version 5.0 or later.
Immediate mitigations:
- Disable CGI execution by setting the CGIExecution service to "Disabled" in the Windows Services console.
- Block HTTP requests from untrusted sources using a firewall.