HTTP_PHF

 

Code: p88

Severity: Notice

 

Description: The cgi-bin script PHF, which comes pre-installed with several versions of NCSA and Apache web servers, contains a vulnerability that allows any web user to access the machine(s). This is a very common attack that uses the PHF facility on web servers to execute commands. These commands can be used to gather information for further attacks or even to gain root/administrator access to the target system.

Impact: Older NCSA and Apache web servers.

Corrective: Remove the PHF facility (it is not necessary for correct web server operation).
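
The following is an added example, not part of the original signature entry or any vendor's detection logic: a log check that finds requests to the PHF script and separates probes from servers that still answer for it. It assumes access logs in Common Log Format and treats a 2xx status as a sign the script is still installed; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# "phf" as a script directly under a cgi-bin directory (optionally with path info).
PHF_PATH = re.compile(r'/cgi-bin/phf(?:/|$)', re.IGNORECASE)

# Constructed sample lines (documentation address ranges, harmless query strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/phf?x=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET //cgi-bin/%70HF HTTP/1.0" 404 210',
    '192.0.2.10 - - [01/Jan/2000:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1024',
    'not a log line',
]

def classify(line):
    """Return (host, status, verdict) for a request to PHF, or None otherwise."""
    m = CLF.match(line)
    if not m:
        return None  # unparseable line: ignore rather than crash
    host, _method, target, status = m.groups()
    # Drop the query string, decode percent-encoding and collapse repeated
    # slashes so trivially obfuscated paths still match.
    path = re.sub(r'/+', '/', unquote(target.split('?', 1)[0]))
    if not PHF_PATH.search(path):
        return None
    # Assumption: a 2xx answer means the server still has the script and
    # served the request; anything else is treated as a probe only.
    verdict = "script-present" if status.startswith("2") else "probe-only"
    return host, int(status), verdict

def scan(lines):
    """Classify every line and keep only the PHF hits, in log order."""
    return [hit for hit in map(classify, lines) if hit is not None]

if __name__ == "__main__":
    for host, status, verdict in scan(SAMPLE_LOG):
        print(f"{host} status={status} {verdict}")
```

Any `script-present` hit identifies a server where the corrective above (removing the PHF facility) has not yet been applied.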