| WebSite 1.1 uploader vulnerability | |
|---|---|
| Risk Level: | High |
| Check or Attack Name: | Uploader |
| Platforms: | O'Reilly WebSite: 2.0 and earlier, Common Gateway Interface (CGI) |
| Description: | The uploader.exe program included with the WebSite 1.1 web server allows a remote attacker to upload a file to the cgi-win directory of the web server, where it may then be executed. The uploader.exe program is installed by default in the cgi-win directory of the O'Reilly WebSite web server. WebSite software prior to v1.1g and v2.0 beta are vulnerable, but the 2.0 release is not vulnerable. |
| Remedy: | Delete the uploader.exe file and obtain a patch from O'Reilly. You should upgrade to WebSite 2.0 or greater. |
| References: | O'Reilly Software, WebSite and WebSite Professional Updates, http://software.ora.com/techsupport/software/support_library_ws_frame.html |
| | O'Reilly Software, Uploader Security Fix, ftp://ftp.software.ora.com/pub/techsupport/software/uploader.zip |