VID 21238
Severity 20
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Sambar web server ships with default CGI files that disclose sensitive information.
At first installation, the Sambar web server places some CGI files, testcgi.exe and environ.pl, in the CGI-BIN directory by default. These CGI files expose a lot of information about the remote system, such as the physical path to files on the filesystem. By requesting these CGIs, a remote attacker can cause the server to display the physical path of the requested file and obtain sensitive information about the system. An attacker can use this information to perform further attacks.

* References:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0155.html
http://www.sambar.com/security.htm

* Platforms Affected:
Sambar server 5.3 and earlier
Recommendation Delete the default CGI files from the web server.
Related URL (CVE)
Related URL 7207 (SecurityFocus)
Related URL 11630 (ISS)