| VID |
21604 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server has a Web directory containing a downloadable core file. The core file contains an image of a process at the time of an error: if a program terminates abnormally, the system creates a core file to store a memory image of the terminated process. The core file is named "core" and is placed in the directory where the application was running. This file contains sensitive information, such as the contents of hardware registers, process status, process data, or even shadow password file contents.
* Platforms Affected: Any HTTP server, any version; any operating system, any version |
| Recommendation |
Delete the core file from the Web directories immediately.
-- AND --
Consider disabling core dumps by setting a zero-byte limit on the coredumpsize resource limit.
To set a zero-byte limit on the coredumpsize resource limit:
* In csh, add the command "limit coredumpsize 0" to the specific user profile or the global profile.
* In bash, add the command "ulimit -c 0" to the specific user profile or the global profile. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
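The check and the recommendation above as an sh script; this is an added example, not part of the original advisory. It reports files named core (and, going beyond the advisory's naming, core.* such as core.<pid>) under a web root only when their header identifies them as core dumps, and verifies that the shell's core size limit is zero. The function names, the web root argument and the assumption that core files are in ELF format are not from the advisory.

```shell
#!/bin/sh
# Added example: audit a web root for downloadable core dumps.
# Assumes ELF core files (Linux, BSD, Solaris); names below are hypothetical.

# is_elf_core FILE: succeed if FILE has the ELF magic and e_type == ET_CORE (4).
is_elf_core() {
    # First 18 bytes as one hex string: e_ident (16 bytes) + e_type (2 bytes).
    hdr=$(od -An -tx1 -N18 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c46*) ;;          # \x7f E L F
        *) return 1 ;;
    esac
    ei_data=$(printf '%s' "$hdr" | cut -c11-12)   # byte 5: 01 = LE, 02 = BE
    e_type=$(printf '%s' "$hdr" | cut -c33-36)    # bytes 16-17
    case "$ei_data:$e_type" in
        01:0400|02:0004) return 0 ;;              # ET_CORE in either byte order
        *) return 1 ;;
    esac
}

# find_web_cores DOCROOT: print every real core dump named core or core.*.
# Ordinary documents that merely share the name are skipped.
find_web_cores() {
    find "$1" -type f \( -name core -o -name 'core.*' \) 2>/dev/null |
    while IFS= read -r f; do
        if is_elf_core "$f"; then printf '%s\n' "$f"; fi
    done
}

# core_limit_is_zero: succeed if this shell (and its children) cannot dump core.
core_limit_is_zero() {
    [ "$(ulimit -c)" = "0" ]
}

# Run only when a web root is given, e.g.: sh audit_cores.sh /var/www
if [ "$#" -gt 0 ]; then
    find_web_cores "$1"
    core_limit_is_zero || echo "warning: core dumps enabled (ulimit -c is not 0)" >&2
fi
```

Review the reported paths and delete those files; run the limit check from the account and startup environment the web server actually uses, since the limit is per process.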