|
Family: CGI abuses --> Category: infos
Backup CGIs download Vulnerability Scan
Vulnerability Scan Summary Attempts to download the remote CGIs
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to download the source code of several scripts
on the remote web server
Description :
By appending various suffixes (ie: .old, .bak, ~, etc...) to the
names of several pages on the remote host, it seems possible to
download the source code of these scripts.
You should ensure these files do no contain any sensitive information, such
as credentials to connect to a database.
Solution :
Delete these files.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|