HTTP_PHP File Read

 

Code: p92

Severity: Notice

 

Description: This check recognizes an attack on the PHP cgi-bin program. By accessing the php.cgi program with specially formatted arguments, a remote attacker can obtain listings of directories on the web server, which gives the attacker information about the machine. An attacker can use this method to list and read the files on the target web server. This information can, in turn, be used to launch further attacks against the system or network.

Impact: All systems using the PHP facility prior to Version 2.0. Since this facility does not come with web servers by default, but is installed manually, you should check to see whether your web servers have this vulnerability.

Corrective Action: RealSecure will display the file(s) that the attacker attempted to read. If the target system is vulnerable to this attack, then you should examine the files the attacker attempted to read and take action appropriate to the content of those files. Upgrade the PHP facility to version 2.0 or later. If this is not possible, disable the PHP facility or move the PHP directory structure outside the web tree.

Code: p93

Name: HTTP_View Source

Description: This event is generated when an attempt is made to exploit a known vulnerability in a CGI web application running on a server.

Impact: Information gathering and system integrity compromise. Possible unauthorized administrative access to the server or application. Possible execution of arbitrary code of the attacker's choosing in some cases.

Corrective: Ensure the system is using an up-to-date version of the software and has had all vendor-supplied patches applied.