Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Web Servers --> Category: attack

Apache Remote Command Execution via .bat files Vulnerability Scan

Vulnerability Scan Summary
Tests for presence of Apache Command Execution via .bat vulnerability

Detailed Explanation for this Vulnerability Test

The Apache 2.0.x Win32 installation is shipped with a
default script, /cgi-bin/test-cgi.bat, that allows a possible hacker to execute
commands on the Apache server (although it is reported that any .bat file
could open this vulnerability.)

A possible hacker can send a pipe character '|' with commands appended as parameters,
which are then executed by Apache.


This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.