Detections
Analytics
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
medium Nessus Plugin ID 10503
Synopsis
The remote service is vulnerable to information disclosure.Description
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way.This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or perhaps usernames and passwords if they are hard-coded into the CGI scripts.
Solution
In httpd.conf, change the directive :Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
to
ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
See Also
http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Plugin Details
Severity: Medium
ID: 10503
File Name: suse_cgi_bin_sdb.nasl
Version: 1.36
Type: remote
Family: Web Servers
Published: 9/7/2000
Updated: 1/14/2021
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 9/7/2000
Reference Information
CVE: CVE-2000-0868
BID: 1658