| VID |
21089 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "tst.bat" cgi is installed. This CGI has a security flaw that lets anyone read arbitrary files with the privileges of the http daemon (root or nobody).
¡Ø BUGTRAQ:19991103 More Alibaba Web Server problems¡¦
* References:
http://www.securityfocus.com/bid/770
http://www.iss.net/security_center/static/3454.php |
| Recommendation |
Remove the tst.bat file from /cgi-bin directory. |
| Related URL |
CVE-1999-0885 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
