Family: CGI abuses --> Category: infos
AN-HTTPd tests CGIs Vulnerability Scan
Vulnerability Scan Summary: Searches for the existence of several CGIs
Detailed Explanation for this Vulnerability Test
At least one of these CGIs is installed on the remote server:
cgi-bin/test.bat
cgi-bin/input.bat
cgi-bin/input2.bat
ssi/envout.bat
It is possible to misuse them to make the remote server
execute arbitrary commands.
For instance:
http://www.xxx.yy/cgi-bin/input.bat?|dir..\..\windows
would show a complete directory listing of the remote system's
private 'C:\windows\' directory.
Solution: Upgrade to the latest version of AN-HTTPd
(http://www.st.rim.or.jp/~nakata/), or contact your vendor
for a patch, or consider changing your HTTP server software.
Threat Level: High