VID 21779
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Web server has a CGI file vulnerable to a Server Side Include attack. Server Side Include (SSI) is a feature for generating dynamic web pages, and it can be abused to execute operating system commands in ways the developer did not intend. If SSI is enabled, a remote attacker could send a specially crafted HTTP request containing arbitrary shell commands, embedded as SSI directives, and have them executed on the system with the privileges of the affected Web server process.

* References:
http://http-sever.carleton.ca/~dmcfet/html/ssi.html
http://support.microsoft.com/default.aspx?scid=kb;[LN];195291
http://support.microsoft.com/default.aspx?scid=kb;[LN];233969

* Platforms Affected:
Any HTTP server Any version
Any operating system Any version
Recommendation Modify the affected web page to filter shell metacharacters and prevent system command execution.

-- OR --

If you do not require SSI, set the default to disable it for all directories.

For Apache:
To disable SSI globally, ensure the Apache httpd.conf configuration file contains an 'Options -Includes' entry for the root directory similar to the following, and do not re-enable it elsewhere with 'Options Includes', 'Options IncludesNOEXEC' or 'Options All':

<Directory />
Options -Includes
</Directory>
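As an added illustration of this check (not part of the original advisory, and not a tool from the Apache project), the following Python script audits a minimal httpd.conf for the settings discussed above: it reports any Directory block whose Options line enables SSI ('Includes', 'IncludesNOEXEC' or 'All') and confirms that the root Directory block carries an explicit '-Includes'. The two configuration fragments are constructed samples, one weak and one hardened; the parser assumes the simple "Options ..." and "<Directory ...>" layout shown on this page and does not handle Include files or .htaccess overrides.

```python
import re

# Constructed sample httpd.conf fragments (not taken from any real server).
WEAK_CONF = """
<Directory />
    Options All
</Directory>
<Directory /var/www/html>
    Options Indexes IncludesNOEXEC
</Directory>
"""

HARDENED_CONF = """
<Directory />
    Options -Includes
</Directory>
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
"""

# Options tokens that turn on SSI processing (Apache matches them case-insensitively).
# 'All' is included because it enables Includes along with the other options.
SSI_ENABLING = {"includes", "+includes", "includesnoexec", "+includesnoexec", "all", "+all"}

# Simple matchers for <Directory path> ... </Directory> blocks and Options lines inside them.
_DIR_RE = re.compile(r"<Directory\s+\"?([^\">]+)\"?\s*>(.*?)</Directory>", re.IGNORECASE | re.DOTALL)
_OPT_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE | re.MULTILINE)


def ssi_options(conf: str) -> dict:
    """Map each <Directory> path to the Options tokens that enable SSI there."""
    findings = {}
    for block in _DIR_RE.finditer(conf):
        path, body = block.group(1).strip(), block.group(2)
        enabling = []
        for opt in _OPT_RE.finditer(body):
            for tok in opt.group(1).split():
                if tok.lower() in SSI_ENABLING:
                    enabling.append(tok)
        findings[path] = enabling
    return findings


def root_disables_ssi(conf: str) -> bool:
    """True when the root <Directory /> block carries an explicit '-Includes'."""
    for block in _DIR_RE.finditer(conf):
        if block.group(1).strip() == "/":
            for opt in _OPT_RE.finditer(block.group(2)):
                if "-includes" in (t.lower() for t in opt.group(1).split()):
                    return True
    return False


def audit(conf: str) -> list:
    """Return human-readable findings; an empty list means the config matches the recommendation."""
    problems = []
    if not root_disables_ssi(conf):
        problems.append("root <Directory /> lacks 'Options -Includes'")
    for path, toks in ssi_options(conf).items():
        if toks:
            problems.append(f"{path}: Options {' '.join(toks)} enables SSI")
    return problems


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["ok"])
```

Running the script prints three findings for the weak fragment (missing '-Includes' at the root, 'All' at the root, and 'IncludesNOEXEC' under /var/www/html) and "ok" for the hardened one. In practice the same check should be run against every file pulled in by Include directives, since an 'Options Includes' in any of them re-enables SSI for that directory.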

For Microsoft IIS:
1. Using Regedit, find the HKLM\System\CurrentControlSet\Services\W3SVC\Parameters registry key.
2. Find the entry named SSIEnableCmdDirective.
3. Change the value to 0.
Related URL CVE-1999-0561 (CVE)
Related URL (SecurityFocus)
Related URL 1268,13688 (ISS)