Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
Medium Nessus Plugin ID 10503
SynopsisThe remote service is vulnerable to information disclosure.
DescriptionThe directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way.
This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or perhaps usernames and passwords if they are hard-coded into the CGI scripts.
SolutionIn httpd.conf, change the directive :
Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/