Code: p131 Severity: Notice
Description: This check recognizes an attack on the cgi-bin nph-test-cgi script. This program, installed by default with certain versions of Apache and NCSA Web servers, allows remote attackers to gain information about the contents of the cgi-bin directory of the Web server which can be used for further attacks. Impact: Old Apache and NCSA web servers. Corrective Action Scan the web server with System Security Scanner to see if there are indications of unauthorized access. Check the access logs for indications of unauthorized access. If you do detect indications of unauthorized access, you should consider the system compromised and take appropriate action. Upgrade the web server software on your system. Remove the nph-test-cgi script. Code:p132 Name:HTTP_ TestCgi Description: This check recognizes an attack on the cgi-bin test-cgi script. This program, installed by default with certain versions of Apache and NCSA Web servers, allows a remote attacker to gain information about the contents of the cgi-bin directory of the Web server, which can be used for further attacks. Impact: Old Apache and NCSA web servers. Corrective: Scan the web server with System Security Scanner to see if there are indications of unauthorized access. Check the access logs for indications of unauthorized access. If you do detect indications of unauthorized access, you should consider the system compromised and take appropriate action. Upgrade the version of web server software on your system. Remove the test-cgi script.
|
