Test Kennung:	10503
Kategorie:	CGI abuses
Titel:	Reading CGI script sources using /cgi-bin-sdb
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or perhaps usernames and passwords if they are hardcoded into the CGI scripts. Solution : In httpd.conf, change the directive: Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ to ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ Risk factor : High
Querverweis:	BugTraq ID: 1658 Common Vulnerability Exposure (CVE) ID: CVE-2000-0868 @stake Security Advisory: A090700-2 http://www.atstake.com/research/advisories/2000/a090700-2.txt http://www.securityfocus.com/bid/1658 SuSE Security Announcement: 20000907 (Google Search) http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html XForce ISS Database: suse-apache-cgi-source-code(5197) https://exchange.xforce.ibmcloud.com/vulnerabilities/5197
Copyright	This script is Copyright (C) 2000 Renaud Deraison

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.