CGI Security Vulnerability Quick Reference v1.0 (Part II)

Source: Internet
Author: User
26
Type: Attack type
Name: webwho.pl
Risk Rating: Medium
Description: If the CGI script webwho.pl is present in your web server's executable directory, an intruder can use it to read and write any file that the user who started the web server can read and write.
Recommendation: Delete or remove webwho.pl from your web directory
WORKAROUND: Delete or remove webwho.pl from your web directory

_____________________________________________________________________________________

27
Type: Attack type
Name: W3-msql
Risk Rating: Low
Description: A CGI program (W3-msql) included with the Minisql package release can be used to execute arbitrary code with the permissions of the httpd UID. This security vulnerability is caused by the scanf() function in the program.
Recommendation: If you have installed the Minisql software package, delete or remove the W3-msql file from the /cgi-bin/ directory.
WORKAROUND: If you have installed the Minisql package, delete or remove the W3-msql file from the /cgi-bin/ directory, or apply the following patch.

Patch:

------W3-msql.patch---------

410c410
< scanf ("%s", boundary);
---
> scanf ("%128s", boundary);
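Review bot: The width in the added scanf ("%128s", boundary) limits only the characters read; scanf then appends a terminating NUL, so boundary must be at least 129 bytes, and its declaration is not visible in this hunk. Confirm the width against the declared size (width = size - 1), and check the return value of scanf so a failed read does not leave boundary with stale contents.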
418c418
< strcat (Var, buffer);
---
> Strncat (Var, buffer,sizeof (buffer));
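Review bot: The bound passed in the added line is sizeof (buffer), the size of the source, but the third argument of strncat limits how many characters are appended and has to reflect the space left in the destination Var, so Var can still overflow when its existing contents plus buffer exceed its size. If Var is an array at this point, a bound such as sizeof (Var) - strlen (Var) - 1 is what is needed. The added line also spells the call Strncat with a capital S, which does not match the C library function strncat.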
428c428
< scanf ("Content-type:%s", buffer);
---
> scanf ("Content-type:%15360s", buffer);
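Review bot: The width 15360 in the Content-type scanf is safe only if buffer is at least 15361 bytes, because scanf writes up to 15360 characters plus a terminating NUL, and the declaration of buffer is not shown in this hunk. Tie the width to the declared size of buffer and check the return value of scanf, since a header line that does not match the format leaves buffer unchanged.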

------W3-msql.patch---------

__________________________________________________________________________________________


28
Type: Attack type
Name: Netscape FastTrack Server 2.0.1a
Risk Rating: Medium
Description: A remote buffer overflow vulnerability exists in the Netscape FastTrack server 2.0.1a shipped with UnixWare 7.1. By default, httpd listens on port 457 and serves UnixWare documents over HTTP. If a GET request longer than 367 characters is sent to the server, the buffer overflows and the EIP value is overwritten, which can lead to arbitrary code execution with httpd permissions.
Recommendation: A temporary workaround is to turn off the Netscape FastTrack server.
Workaround: The temporary workaround is to turn off the Netscape FastTrack server.


_____________________________________________________________________________________

29
Type: Attack type
Name: anyform.cgi
Risk Rating: High
Description: The anyform.cgi program in the cgi-bin directory lets simple forms deliver a response by mail, but it does not thoroughly check user input, so intruders can exploit it to execute arbitrary commands on the server.
Recommendation: Audit the cgi-bin directory and remove any programs that are not needed
Workaround: Upgrade the CGI program, or delete the file
Related connection: http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=719


___________________________________________________________________________________________


30
Type: Attack type
Name: whois.cgi
Risk Rating: Low
Description: An overflow vulnerability exists in the whois.cgi scripts used with multiple web servers. They include:
Whois Internic Lookup - version: 1.02
CC Whois - version: 1.0
Matt's Whois - version: 1
They allow intruders to execute arbitrary code on your system with the privileges of the user who started httpd.
Recommendation: Delete or remove whois.cgi from your web directory
Workaround: Delete or remove whois.cgi from your web directory

_________________________________________________________________________________
31
Type: Attack type
Name: environ.cgi
Risk Rating: Medium
Description: The /cgi-bin/environ.cgi program on other web servers, such as Apache or IIS, has a flaw that allows intruders to bypass security and browse some files on the server
Recommendation: Audit the cgi-bin directory and remove any programs that are not needed
Workaround: Upgrade the CGI program, or delete the file
Related connections:


___________________________________________________________________________________

32
Type: Attack type
Name: Wrap
Risk Rating: Medium
Description: The /cgi-bin/wrap program has two vulnerabilities that allow intruders to gain unauthorized access to files on the server, for example:
http://host/cgi-bin/wrap?/../../../../../etc
Recommendation: Audit the cgi-bin directory and remove any programs that are not needed
Workaround: Delete the /cgi-bin/wrap file
Related connection: http://phoebe.cps.unizar.es/~spd/pub/ls.cgi


________________________________________________________________________________


33
Type: Attack type
Name: edit.pl
Risk Rating: Medium
Description: /cgi-bin/edit.pl has a security vulnerability that allows access to a user's configuration with the following request:
http://www.sitetracker.com/cgi-bin/edit.pl?account=&password=
Recommendation: Audit the cgi-bin directory and remove any programs that are not needed
Workaround: Delete the /cgi-bin/edit.pl file
Related connection: http://phoebe.cps.unizar.es/~spd/pub/ls.cgi


________________________________________________________________________________

34
Type: Attack type
Name: Service.pwd
Risk Rating: Medium
Description: On Unix systems, if http://www.hostname.com/_vti_pvt/service.pwd is readable, it exposes user password information
Recommendation: Delete
Workaround: chown root service.pwd
chmod service.pwd
Related connections:

___________________________________________________________________________
35
Type: Attack type
Name: Administrators.pwd
Risk Rating: Medium
Description: On Unix systems, if http://www.hostname.com/_vti_pvt/administrators.pwd is readable, it exposes user password information
Recommendation: Delete
Workaround: chown root administrators.pwd
chmod administrators.pwd
Related connections:


_____________________________________________________________________________

36
Type: Attack type
Name: Users.pwd
Risk Rating: Medium
Description: On Unix systems, if http://www.hostname.com/_vti_pvt/users.pwd is readable, it exposes user password information
Recommendation: Delete
Workaround: chown root users.pwd
chmod users.pwd
Related connections:
_________________________________________________________________________________


37
Type: Attack type
Name: Authors.pwd
Risk Rating: Medium
Description: On Unix systems, if http://www.hostname.com/_vti_pvt/authors.pwd is readable, it exposes user password information
Recommendation: Delete
Workaround: chown root authors.pwd
chmod authors.pwd
Related connections:

______________________________________________________________________________

38
Type: Attack type
Name: Visadmin.exe
Risk Rating: Medium
Description: The file visadmin.exe exists in the cgi-bin directory of the OmniHTTPd web server; an attacker simply needs to enter the following request:
http://omni.server/cgi-bin/visadmin.exe?user=guest
After a few minutes, the server's hard drive will be completely full.
Recommendation: Delete
Workaround: Remove visadmin.exe from the cgi-bin directory
Related connections:


________________________________________________________________________________

39
Type: Attack type
Name: Get32.exe
Risk Rating: High
Description: On the Alibaba web server, the program get32.exe in the cgi-bin directory allows intruders to execute an arbitrary command:
http://www.victim.com/cgi-bin/get32.exe|echo%20>c:\command.com
Recommendation: Delete
Workaround: Remove get32.exe from the cgi-bin directory
Related connections:

______________________________________________________________________________________

40
Type: Attack type
Name: alibaba.pl
Risk Rating: High
Description: On the Alibaba web server, the program alibaba.pl in the cgi-bin directory allows intruders to execute an arbitrary command:
http://www.victim.com/cgi-bin/alibaba.pl|dir
Recommendation: Delete
Workaround: Remove alibaba.pl from the cgi-bin directory
Related connections:

___________________________________________________________________________________


41
Type: Attack type
Name: Tst.bat
Risk Rating: High
Description: On the Alibaba web server, the program tst.bat in the cgi-bin directory allows intruders to execute an arbitrary command:
http://www.victim.com/cgi-bin/tst.bat|type%20c:\windows\win.ini
Recommendation: Delete
Workaround: Remove tst.bat from the cgi-bin directory
Related connections:

___________________________________________________________________________________

42
Type: Attack type
Name: Fpcount.exe
Risk Rating: Low
Description: If you use NT as your web server platform and have installed only the SP3 patches, intruders can use this CGI program for DoS attacks that deny access to your IIS service
Recommendation: Delete or remove Fpcount.exe from your web directory
WORKAROUND: Delete or remove Fpcount.exe from your web directory


_________________________________________________________________________________

43
Type: Attack type
Name: openfile.cfm
Risk Rating: Low
Description: If your web directory contains the following files, intruders may be able to use them to read all the files on your system:
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
Recommendation: Delete or remove openfile.cfm from your web directory
WORKAROUND: Delete or remove openfile.cfm from your web directory


_______________________________________________________________________________________


44
Type: Attack type
Name: exprcalc.cfm
Risk Rating: Low
Description: If your web directory contains the following files, intruders may be able to use them to read all the files on your system:
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
Recommendation: Delete or remove exprcalc.cfm from your web directory
WORKAROUND: Delete or remove exprcalc.cfm from your web directory
Related connection: Http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full


______________________________________________________________________________

45
Type: Attack type
Name: displayopenedfile.cfm
Risk Rating: Low
Description: If your web directory contains the following files, intruders may be able to use them to read all the files on your system:
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
Recommendation: Delete or remove displayopenedfile.cfm from your web directory
WORKAROUND: Delete or remove displayopenedfile.cfm from your web directory
Related connection: Http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full


_______________________________________________________________________________

46
Type: Attack type
Name: sendmail.cfm
Risk Rating: Medium
Description: If your web directory contains the following files, intruders may be able to use them to read all the files on your system:
/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm
Recommendation: Delete or remove sendmail.cfm from your web directory
WORKAROUND: Delete or remove sendmail.cfm from your web directory
Related connection: Http://www.allaire.com/handlers/index.cfm?ID=8727&Method=Full


_________________________________________________________________________________

47
Type: Attack type
Name: codebrws.asp
Risk Rating: Medium
Description: If you use NT + IIS as your web server, intruders can use this ASP page to view every file on your system that the user who started httpd has permission to read
Patches are available at the following addresses:
Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp
Recommendation: Delete or remove codebrws.asp from your web directory
WORKAROUND: Delete or remove codebrws.asp from your web directory


_____________________________________________________________________________________


48
Type: Information type
Name: codebrws.asp_1
Risk Rating: Medium
Description: A codebrws.asp file exists under /iissamples/exair/howitworks/. Requesting the following path displays the source code of index.asp; virtually any ASCII file can be browsed:
http://www.xxx.com/iissamples/exair/howitworks/codebrws.asp?source=/index.asp
Recommendation: Delete the web directory /iissamples/
WORKAROUND: Delete or remove codebrws.asp from your web directory
Patches are available at the following addresses:
Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp
Related connection: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/


_________________________________________________________________________________
49
Type: Attack type
Name: showcode.asp_1
Risk Rating: Medium
Description: A showcode.asp file exists in the /msadc/Samples/SELECTOR/ directory. Requesting the following path reveals the contents of the boot.ini file:
http://www.xxx.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../../boot.ini
In fact, intruders can use this ASP page to view every file on your system that the user who started httpd has permission to read
Recommendation: Disable anonymous access to the /msadc directory
WORKAROUND: Delete or remove showcode.asp from your web directory
Patches are available at the following addresses:
Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp
Related connection: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/

_________________________________________________________________________________

50
Type: Attack type
Name: /MSADC directory can be accessed
Risk Rating: Medium
Description: The /MSADC directory of a Windows NT IIS server can be accessed, resulting in a range of security issues, including unauthorized invocation of an application by an intruder
Recommendation: Delete unnecessary directories created by the IIS default installation
Workaround: Disable the /MSADC directory; if the directory must remain open, at least require legitimate users to supply a password to access it

