Detections
Analytics

CGI Generic SSI Injection (HTTP headers)

high Nessus Plugin ID 42423

Language:

Synopsis

It may be possible to execute arbitrary code through a CGI script hosted on the remote web server.

Description

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings and seem to be vulnerable to an 'SSI injection' attack. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.

Solution

Disable Server Side Includes if you do not use them.

Otherwise, restrict access to the vulnerable application or contact the vendor for a patch / upgrade.

See Also

https://en.wikipedia.org/wiki/Server_Side_Includes

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection

http://projects.webappsec.org/w/page/13246964/SSI%20Injection

Plugin Details

Severity: High

ID: 42423

File Name: torture_cgi_SSI_injection_headers.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 11/6/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 632, 713, 727, 74, 75, 752, 94, 96, 97