|Title:||Shells in /cgi-bin|
|Summary:||Checks for the presence of various shells in /cgi-bin|
The remote web server has one of these shells installed
in /cgi-bin :
ash, bash, csh, ksh, sh, tcsh, zsh
Leaving executable shells in the cgi-bin directory of
a web server may allow an attacker to execute arbitrary
commands on the target machine with the privileges of the
http daemon (usually root or nobody).
Solution : Remove all the shells from /cgi-bin.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-1999-0509|
Cert/CC Advisory: CA-96.11
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.