Family: CGI abuses --> Category: infos
Reading CGI script sources using /cgi-bin-sdb Vulnerability Scan
Vulnerability Scan Summary: Searches for the existence of /cgi-bin-sdb/
Detailed Explanation for this Vulnerability Test
The directory /cgi-bin-sdb is an Alias of /cgi-bin; most SuSE systems
are configured that way.
Because a plain Alias only maps the URL to the directory, requests made
through /cgi-bin-sdb/ are served as ordinary files instead of being
executed. This setting allows an attacker to obtain the source code of
the CGI scripts installed on this host. This is dangerous because it
gives the attacker valuable information about the setup of this host,
and possibly usernames and passwords if they are hardcoded into the
CGI scripts.
Solution: In httpd.conf, change the directive:
    Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
to
    ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Threat Level: High
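To audit a configuration for this condition, the added example below (not part of the original scan description) flags any plain Alias whose target is, or contains, a directory that a ScriptAlias treats as CGI. It generalizes beyond /cgi-bin-sdb to any alias name. The function names and the sample configuration are constructed for illustration, and the check assumes a single file: it does not follow Include directives or evaluate <Directory> handlers.

```python
import posixpath
import shlex

# Constructed sample resembling the configuration the finding describes.
SAMPLE_CONF = """\
# constructed sample httpd.conf fragment
ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Alias /icons/ /usr/local/httpd/icons/
# Alias /old-cgi/ /usr/local/httpd/cgi-bin/
"""


def parse_aliases(conf_text):
    """Return (directive, url_prefix, fs_path, line_no) for Alias/ScriptAlias lines."""
    found = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        try:
            parts = shlex.split(line)  # handles quoted paths
        except ValueError:
            continue  # unbalanced quotes: not a directive this check can read
        # Apache directive names are case-insensitive.
        if len(parts) == 3 and parts[0].lower() in ("alias", "scriptalias"):
            # normpath removes trailing slashes and '..' that could hide a match
            fs_path = posixpath.normpath(parts[2])
            found.append((parts[0].lower(), parts[1], fs_path, line_no))
    return found


def find_exposed_cgi_aliases(conf_text):
    """Flag plain Alias lines that map onto a directory ScriptAlias marks as CGI."""
    entries = parse_aliases(conf_text)
    cgi_dirs = {fs for kind, _, fs, _ in entries if kind == "scriptalias"}
    findings = []
    for kind, url, fs, line_no in entries:
        if kind != "alias":
            continue
        # Exact match, or the alias exposes a parent of a CGI directory.
        if any(d == fs or d.startswith(fs.rstrip("/") + "/") for d in cgi_dirs):
            findings.append((line_no, url, fs))
    return findings


if __name__ == "__main__":
    for line_no, url, fs in find_exposed_cgi_aliases(SAMPLE_CONF):
        print(f"line {line_no}: Alias {url} -> {fs} (use ScriptAlias)")
```

Each finding is a line to convert to ScriptAlias, as in the solution above, or to remove if the alias is not needed.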