| VID |
21087 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "test-cgi" cgi is installed.
The test-cgi program shipped with older NCSA and Apache web server packages contains a vulnerability that allows remote users to view listings of files on your system. Exploit information for this hole has been widely distributed.
* References:
http://www.iss.net/security_center/static/149.php
http://www.atstake.com/research/advisories/1996/test-cgi-vulnerability.txt |
| Recommendation |
Remove test-cgi, in addition to any other example CGI scripts, from your cgi-bin directory. If these scripts exist on your system, you may be running an outdated server and should upgrade to the latest version offered by your vendor. |
| Related URL |
CVE-1999-0070 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
