| VID |
21065 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "nph-test-cgi" CGI is installed.
This CGI has a well known security flaw that lets an attacker get a listing of the /cgi-bin directory, thus discovering which CGIs are installed on the remote host. This vulnerability is also commonly present in the test-cgi program. The nph-test-cgi program is installed by default with Apache web servers up to and including v1.0.5. It is also installed with some versions of the NCSA web server. |
| Recommendation |
Remove it from /cgi-bin. The Apache web server starting with v1.1.3 no longer includes nph-test-cgi in a default installation. |
| Related URL |
CVE-1999-0045 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
289 (ISS) |
|
