Code: p109 Severity: Notice
Description: This check will recognize an attack against the glimpse cgi_bin script present with certain httpd Web servers. This exploit allows a remote attacker to execute commands on the Web server machine as the user under which the httpd process is running. Impact: UNIX web servers using older versions of the glimpse search engine. Corrective: Check to see whether the target system is vulnerable to this attack. Check the RealSecure signature to see the command that the attacker attempted to execute on the target web server. Use this data to guide further investigation of the attack. If the system is vulnerable and the command indicates a possible incursion, then you should consider the system compromised and take appropriate action. Upgrade the version of the glimpse search engine you are using.
|
