GEN:SID | 1:1666 |
Message | ATTACK-RESPONSES index of /cgi-bin/ response |
Summary | This event is generated when a webserver returns a directory listing of it's cgi-bin.
|
Impact | Information gathering.
|
Detailed Information | This event is generated when a webserver returns a directory listing of it's cgi-bin. The scripts listed may be valuable to an attacker when planning further attacks against the webserver. It may also be possible for the attacker to download the contents of the cgi-bin and view the contents of the script sources.
|
Affected Systems | All web server platforms.
|
Attack Scenarios | An attacker can list the contents of the cgi-bin, discover the filename of a vulnerable script and use the information to execute an exploit against the server.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Disallow directory content listing of the cgi-bin.
|
Additional References | |
Rule References | nessus: 10039
|