Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure

Medium Nessus Plugin ID 10503


The remote service is vulnerable to information disclosure.


The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way.

This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or perhaps usernames and passwords if they are hard-coded into the CGI scripts.


In httpd.conf, change the directive :

Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/


ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/

See Also


Plugin Details

Severity: Medium

ID: 10503

File Name: suse_cgi_bin_sdb.nasl

Version: $Revision: 1.30 $

Type: remote

Family: Web Servers

Published: 2000/09/07

Modified: 2014/05/26

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 2000/09/07

Reference Information

CVE: CVE-2000-0868

BID: 1658

OSVDB: 402