HTTP CGI directory cgi-bin found 2.0
 
Plugin ID: 12
Plugin name: HTTP CGI directory cgi-bin found
Plugin filename: HTTP CGI directory cgi-bin found.plugin
Plugin filesize: 2685 bytes
Plugin family: HTTP
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2003/11/13
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 2.0
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.3. Improved the pattern matching and added the changelog in 2.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send GET /cgi-bin HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *
Plugin detection accuracy: 98
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug affected: Web servers with a default cgi-bin directory.
Bug not affected: Web servers without the default cgi-bin directory.
Bug vulnerability class: Configuration
Bug description: An attacker can try to reach /cgi-bin as a possible directory for CGI scripts. If he gets a Found message, he can determine that this directory exists and is used. This information can be used for further attempts.
Bug solution: Do not allow users to get the directory listing of the cgi directory.
Bug fixing time: 30 minutes
Bug exploit availability: Yes
Bug remote: Yes
Bug local: Yes
Bug severity: Low
Bug popularity: 8
Bug simplicity: 8
Bug impact: 4
Bug risk: 5
Bug Nessus risk: Medium
Bug check tools: Many CGI and security scanners are able to do the same or a similar check.
Source Nessus ID: 10039
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.