Multiple Vendor test-cgi Arbitrary File Access

medium Nessus Plugin ID 10282

Synopsis

The remote web server contains a CGI script that is affected by information disclosure vulnerabilities.

Description

The remote web server contains the 'test-cgi' test script, which is included by default with some web servers.

The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An unauthenticated attacker can leverage this issue to list the contents of directories on the remote host, subject to the permissions of the web server user id.

Solution

Disable or delete the CGI script.

See Also

http://www.securityfocus.com/advisories/582

Plugin Details

Severity: Medium

ID: 10282

File Name: test-cgi.nasl

Version: 1.39

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/1/1996

Reference Information

CVE: CVE-1999-0070

BID: 2003