HTTP_tftp command attempt

 

Code: p634

Severity: Warning

 

Description: Attempted tftp command access via web

Impact: Possible attempt to gain information by using the Trivial File Transfer Protocol (TFTP) to access sensitive files on a webserver. It is also possible that an attempt is being made to remotely boot or reboot a device using TFTP.

Corrective: A webserver should not be allowed to view or execute files and binaries outside of its designated web root or cgi-bin. This command may also be requested on a command line should the attacker gain access to the machine. Non-essential binaries should be removed from a webserver once it is in production.
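
Added example (not part of the original signature documentation, and not the signature's own matching logic): a log review check that flags web requests referencing the tftp command, including percent-encoded and double-encoded forms. The function names, the Common Log Format assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common/Combined Log Format line: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# "tftp" or "tftp.exe" as a standalone token, not inside a longer word
TFTP_RE = re.compile(r"(?<![a-z0-9_])tftp(?:\.exe)?(?![a-z0-9_])", re.IGNORECASE)

# Constructed sample access-log lines (documentation addresses, made-up paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/example.cgi?arg=tftp.exe+ARGS HTTP/1.0" 404 0',
    '192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /cgi-bin/example.cgi?arg=%2574ftp%2520ARGS HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /downloads/atftpd_notes.html HTTP/1.1" 200 2048',
]


def decode_uri(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded requests are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri.replace("+", " "))
        if decoded == uri:
            break
        uri = decoded
    return uri


def find_tftp_requests(log_lines):
    """Return (line_number, decoded_uri) for each request that names tftp."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        decoded = decode_uri(match.group("uri"))
        if TFTP_RE.search(decoded):
            hits.append((lineno, decoded))
    return hits


if __name__ == "__main__":
    for lineno, uri in find_tftp_requests(SAMPLE_LOG):
        print(f"line {lineno}: tftp reference in request: {uri}")
```

The token boundary keeps names such as atftpd_notes.html from matching; a hit still needs review, since the response code shows whether the request reached anything.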