Family: Web Servers --> Category: attack
Apache Remote Command Execution via .bat files Vulnerability Scan
Vulnerability Scan Summary
Tests for presence of Apache Command Execution via .bat vulnerability
Detailed Explanation for this Vulnerability Test
The Apache 2.0.x Win32 installation is shipped with a
default script, /cgi-bin/test-cgi.bat, that allows a possible hacker to execute
commands on the Apache server (although it is reported that any .bat file
could open this vulnerability.)
A possible hacker can send a pipe character '|' with commands appended as parameters,
which are then executed by Apache.
This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.