CGI Generic Fragile Parameters Detection (potential)

Low | Nessus Plugin ID 50418

Synopsis

A web application returns 500 codes.

Description

A web application hosted on the remote service returned 50x response codes when discovered CGIs were called with invalid parameter values. These codes may have several origins:

- A web application firewall or another defense mechanism may abruptly interrupt the request.

- There could be a transient web server or back-end failure. Common codes in such cases are 503 'Service Unavailable' or 504 'Gateway Timeout'.

- A processing error resulted in the crash of the CGI or a back-end module. Codes like 500 'Internal Server Error' or 502 'Bad Gateway' may be seen in such cases.

501 'Not Implemented' or 505 'HTTP Version Not Supported' codes should be seen during Nessus tests.

The reported CGIs should be audited.

Solution

- Audit the relevant CGIs.

- Filter out malformed input data.

- Trap processing errors.
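To illustrate the two solution steps (filter malformed input, trap processing errors), the following is an added Python example, not code from the plugin or from Tenable: a simulated CGI parameter handler in its fragile form beside a hardened one, probed with constructed invalid values the way this plugin would. The `id` parameter, the record data and the handler names are assumptions.

```python
# Added example (not part of the Nessus plugin): a fragile CGI handler beside
# a hardened one. Each handler takes the CGI parameters and returns the HTTP
# status and body the web server would send. All data here is constructed.
from typing import Callable, Dict, List, Tuple

# Constructed back-end data standing in for a database or module call.
RECORDS = {1: "alice", 2: "bob"}

def backend_lookup(record_id: int) -> str:
    """Mimics a back-end module with a latent bug: id 0 makes it crash."""
    _ratio = 100 // record_id   # ZeroDivisionError for id=0
    return RECORDS[record_id]   # KeyError for an unknown id

def handle_fragile(params: Dict[str, str]) -> Tuple[int, str]:
    """No input filtering, no error trapping: every bad 'id' escapes as an
    exception, which the CGI runtime reports as a 500 (what the plugin sees)."""
    try:
        record_id = int(params["id"])            # ValueError / KeyError on bad input
        return 200, backend_lookup(record_id)    # back-end exceptions also escape
    except Exception:
        return 500, "Internal Server Error"      # the server's crash response

def handle_hardened(params: Dict[str, str]) -> Tuple[int, str]:
    """Filters malformed input (a 4xx, the client's fault) and traps
    processing errors (logged, generic body, no stack trace leaked)."""
    raw = params.get("id")
    if raw is None or not raw.isdigit() or len(raw) > 9:
        return 400, "Bad Request: 'id' must be a short decimal integer"
    record_id = int(raw)
    try:
        return 200, backend_lookup(record_id)
    except KeyError:
        return 404, "Not Found"
    except Exception as exc:
        # Trapped processing error: still a 500 (a genuine bug worth auditing),
        # but controlled and logged instead of an uncaught crash.
        print(f"[error] lookup failed for id={record_id}: {exc!r}")
        return 500, "Internal Server Error"

def scan_statuses(handler: Callable[[Dict[str, str]], Tuple[int, str]],
                  probes: List[str]) -> Dict[str, int]:
    """Call a handler with constructed invalid values and collect the codes."""
    return {value: handler({"id": value})[0] for value in probes}

if __name__ == "__main__":
    probes = ["1", "abc", "0", "99", "", "-1"]
    print("fragile :", scan_statuses(handle_fragile, probes))
    print("hardened:", scan_statuses(handle_hardened, probes))
```

Only the validation step removes the 500s for malformed values; the trapped id=0 case still returns 500, which is exactly the kind of reported CGI the plugin asks you to audit.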

Plugin Details

Severity: Low

ID: 50418

File Name: torture_cgi_50x.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 10/30/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests, Settings/HTTP/OWASP10