GEN:SID | 1:835 |
Message | WEB-CGI test-cgi access |
Summary | This event is generated when an attempt is made to access the CGI script test-cgi.
|
Impact | Information disclosure.
|
Detailed Information | The test-cgi script is provided as part of the Apache web server to test that CGI scripts are working. It can disclose information about the configuration of your web server that may be invaluable to a potential attacker.
|
Affected Systems | All versions of Apache. |
Attack Scenarios | A standard web request using a browser.
lynx http://victim/cgi-bin/test-cgi
$ telnet victim 80
Trying 192.168.0.2...
Connected to victim.
Escape character is '^]'.
GET /cgi-bin/test-cgi HTTP/1.0
|
Ease of Attack | Simple. Exploit software is not required.
|
Corrective Action | Determine the need for this script, and remove it if there is no need.
|
Additional References | |
Rule References | arachnids: 218
bugtraq: 2003
cve: 1999-0070
nessus: 10282
|