Code: p96 Severity: Notice
Description: This check recognizes an attack on the convert.bas cgi-bin program included as part of some versions of Novell's HTTP server. By accessing the convert program with specially formatted arguments, a remote attacker can view the contents of any file on the system with read permissions for the Web server's process. Impact: Novell web server 1.0. Corrective: If the target system is vulnerable to this attack, then you should consider the system compromised and take appropriate action. Remove the convert program from your web server. This was provided by Novell web servers by default. You should also consider upgrading the version of web server you are using.
|
