July 30, 2002
Intruder Alert 3.6 Apache - Vulnerable CGI Scripts Policy

This policy contains rules that detect access to various CGI scripts. All of these scripts have possible exploits that will give a user unauthorized access or heightened privileges on an Apache Web Server.

Download ITA Apache - Vulnerable CGI Scripts Policy

Affected Platforms

Apache HTTP Server (All Versions)

Description

A security administrator uses this policy to track usage of CGI scripts, thereby watching for the misuse of CGI scripts via remote access.

Policy rules include:

  • Ad.cgi Request
    BugTraq ID 2103: A problem exists in the script that may allow access to restricted resources.

    http://online.securityfocus.com/bid/2103

  • Aglimpse CGI Request
    BugTraq ID 2026: The aglimpse script fails to filter the pipe meta-character, allowing arbitrary command execution.

    http://online.securityfocus.com/bid/2026

  • Apexec CGI Request
    BugTraq ID 2338: A vulnerability exists in apexec.pl which allows a remote user to traverse the filesystem of a target host. This may lead to the disclosure of file and directory contents.

    http://online.securityfocus.com/bid/2338

  • Auctionweaver CGI Request
    BugTraq ID 1630: It is possible to view the contents of any known file residing on a system running auctionweaver.pl.

    http://online.securityfocus.com/bid/1630

  • Bb-hist CGI Request
    BugTraq ID 1971: Due to insufficient handling of input, it is possible to verify the existence of sensitive files and valid user accounts through the CGI of the Display Server.

    http://online.securityfocus.com/bid/1971

  • Bizdb1-search.cgi Request
    BugTraq ID 1104: Bizdb-search.cgi passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the web server.

    http://online.securityfocus.com/bid/1104

  • Bsguest.cgi Request
    BugTraq ID 2159: Bsguest.cgi fails to properly filter ';' characters from user-supplied email addresses. As a result, maliciously formed values can cause the script to run arbitrary shell commands with the privilege level of the web server.

    http://online.securityfocus.com/bid/2159

  • Bslist.cgi Request
    BugTraq ID 2160: Bslist.cgi fails to properly filter ';' characters from user-supplied email addresses. As a result, maliciously formed values can cause the script to run arbitrary shell commands with the privilege level of the web server.

    http://online.securityfocus.com/bid/2160

  • Calendar Admin CGI Request
    BugTraq ID 1215: Calendar-admin.pl calls open() with user-input in the command string but does not parse the input for meta-characters. It is therefore possible to execute arbitrary commands on the target host by passing "|shell commands|".

    http://online.securityfocus.com/bid/1215

  • Cgforum.cgi Request
    BugTraq ID 1951: Cgforum.cgi improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are readable by user 'nobody' or the webserver.

    http://online.securityfocus.com/bid/1951

  • Cgiforum CGI Request
    BugTraq ID 1963: Cgiforum.pl improperly validates user-supplied input to the "thesection" parameter. As a result, it is possible to remotely view arbitrary files on the host that are readable by user 'nobody'.

    http://online.securityfocus.com/bid/1963

  • Cnf_gi.htm Request
    BugTraq ID 1025: Cnf_gi.htm supports remote management from the web via a system-supplied web server. Users can completely bypass authentication (username and password) by using a specific URL.

    http://online.securityfocus.com/bid/1025

  • CsBanner.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CsCreatePro.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSDownload.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CsFAQ.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSFiler.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSFileshare.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSGrid.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSIncludes.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSMailto.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSNews.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSRandomText.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • CSUpload.cgi Request
    BugTraq ID 4764: It is possible to cause scripts obtained from CGIscripts.net to disclose sensitive system information.

    http://online.securityfocus.com/bid/4764

  • Everythingform.cgi Request
    BugTraq ID 2101: Everythingform.cgi fails to properly filter shell commands from user-supplied input to the 'config' field. As a result, the script can be made to run arbitrary shell commands with the privilege of the web server.

    http://online.securityfocus.com/bid/2101

  • Ezshopper3 CGI Request
    BugTraq ID 2109: By requesting a specially crafted URL, it is possible for a remote user to gain read access to various files that reside within the EZShopper directory.

    http://online.securityfocus.com/bid/2109

  • Faqmanager.cgi Request
    BugTraq ID 3810: Faqmanager.cgi does not properly filter certain types of input from incoming web requests. It is possible to append a NULL character (%00) to the end of a web request and display the contents of an arbitrary web-readable file.

    http://online.securityfocus.com/bid/3810

  • Formmail CGI Request
    BugTraq ID 2080: A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script.

    http://online.securityfocus.com/bid/2080

  • Ftp CGI Request
    BugTraq ID 1471: By submitting a request to ftp.pl containing the special directory traversal characters it is possible to access any directory on the filesystem.

    http://online.securityfocus.com/bid/1471

  • Guestbook CGI Request
    BugTraq ID 776: When guest book is configured to allow for HTML posts and you have enabled server-side includes for HTML, it may be possible for an attacker to embed SSI (server-side include) code in guestbook messages.

    http://online.securityfocus.com/bid/776

  • Htmlscript CGI Request
    BugTraq ID 2001: Htmlscript is vulnerable to a file reading directory traversal attack using relative paths (e.g., "../../../../../../etc/passwd").

    http://online.securityfocus.com/bid/2001

  • Netauth.cgi Request
    BugTraq ID 1587: A remote user is capable of gaining read access to any known file residing on a host running netauth.cgi through directory traversal.

    http://online.securityfocus.com/bid/1587

  • Newsdesk.cgi Request
    BugTraq ID 2172: Due to a failure to properly remove '/../' sequences from user-supplied input, a malicious remote user may lead the newsdesk.cgi script to improperly reveal the contents of any file on the filesystem.

    http://online.securityfocus.com/bid/2172

  • Nph-test-cgi Request
    BugTraq ID 686: A security hole exists in the nph-test-cgi script which allows any remote user to easily browse your filesystem via the WWW.

    http://online.securityfocus.com/bid/686

  • Pagelog.cgi Request
    BugTraq ID 1864: Pagelog.cgi fails to check for '../' sequences in path and filename information supplied by the user. As a result, it is possible for a remote user to display or create files on the web server.

    http://online.securityfocus.com/bid/1864

  • Pals-cgi Request
    BugTraq ID 2372: A specially crafted URL composed of a known filename will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

    http://online.securityfocus.com/bid/2372

  • Penguin Traceroute CGI Request
    BugTraq ID 4332: The Penguin traceroute script does not adequately filter special characters. This makes it possible for a remote user to embed commands into a request using special characters such as the ';' or '|' characters.

    http://online.securityfocus.com/bid/4332

  • Poll_It CGI Request
    BugTraq ID 1431: Poll_It relies on a number of internal variables. Any remote user can overwrite these variables by specifying the new value as a variable in the GET request. This can lead to unauthorized file reads or other compromises.

    http://online.securityfocus.com/bid/1431

  • Ppdscgi CGI Request
    BugTraq ID 491: Due to a lack of authentication, remote attackers can display directories dynamically, which will allow unauthenticated access to the data in those directories.

    http://online.securityfocus.com/bid/491

  • Register.cgi Request
    BugTraq ID 2157: Due to insufficient checking of input, it is possible to execute system binaries as the effective userid of the web server process.

    http://online.securityfocus.com/bid/2157

  • Rguest CGI Request
    BugTraq ID 2024: Rguest is vulnerable to an attack allowing an intruder to retrieve the contents of arbitrary files to which the web server has access.

    http://online.securityfocus.com/bid/2024

  • Simpleguest.cgi Request
    BugTraq ID 2106: An insecure call to the open() function leads to a failure to properly filter shell meta-characters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands.

    http://online.securityfocus.com/bid/2106

  • Sojourn.cgi Request
    BugTraq ID 1052: Sojourn.cgi will accept and follow the '../' string in the variable contents, allowing read access to any .txt file the web server can read.

    http://online.securityfocus.com/bid/1052

  • Store.cgi Request
    BugTraq ID 2385: Requesting a specially crafted URL by way of 'store.cgi', composed of '/../' sequences and appended with '%00' will disclose an arbitrary directory.

    http://online.securityfocus.com/bid/2385

  • Survey.cgi Request
    BugTraq ID 1817: Survey.cgi does poor input checking, inappropriately allowing shell metacharacters in user supplied data. This could lead to an elevation of user privileges or the execution of shell commands.

    http://online.securityfocus.com/bid/1817

  • Test-cgi Request
    BugTraq ID 2003: A security hole exists in the nph-test-cgi script which allows any remote user to easily browse your filesystem via the WWW.

    http://online.securityfocus.com/bid/2003

  • Textcounter CGI
    BugTraq ID 2265: Due to insufficient checking of entered characters, it is possible for a remote user to input custom formatted strings into the environment variables, which when parsed can make it possible to execute arbitrary commands.

    http://online.securityfocus.com/bid/2265

  • Ultraboard.cgi Request
    BugTraq ID 1164: Ultraboard.cgi is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the web server has read access to.

    http://online.securityfocus.com/bid/1164

  • Way-Board CGI Request
    BugTraq ID 2370: A remote user could gain read access to known files outside of the root directory where Way-Board resides by requesting a specially crafted URL composed of '%00' sequences along with the known filename.

    http://online.securityfocus.com/bid/2370

  • Webspirs.cgi Request
    BugTraq ID 2362: A remote user could gain read access to known files outside of the root directory where webspirs.cgi resides by requesting a specially crafted URL composed of '../' sequences along with the known filename.

    http://online.securityfocus.com/bid/2362

  • Www-sql CGI Request
    BugTraq ID 2317: The www-sql HTTP database access script fails to authenticate remote users requesting files on the web site protected by .htaccess restrictions under the Apache web server.

    http://online.securityfocus.com/bid/2317

  • YaBB CGI Request
    BugTraq ID 1668: Due to input validation problems in YaBB, relative paths can be specified in >file<. By exploiting this problem, a malicious user can view any file that the web server has access to.

    http://online.securityfocus.com/bid/1668

Configuring External Audit Log Monitoring

To configure Intruder Alert to monitor an external audit log, follow the steps below:

  1. In the Registered Agents branch, select the Agent on the web server.
  2. Click NEW. The Audit Log dialog box appears.
  3. In the Description box, type a description of the log file.
  4. In the File Name box, type the path and the filename to monitor. In this case, the Apache access_log file is located at /var/apache/logs/access_log.
  5. Select Single Line for the single line log file.
  6. Select OK.
  7. Select Save from the Agent Configuration view.
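
The following is an added example, not part of the Symantec policy: it shows how single-line access_log entries can be matched against a subset of the rules listed above. It assumes Apache Common Log Format and matches on the script name in any path segment; the names WATCHED, SAMPLE_LOG, match_line and scan are hypothetical.

```python
import re
from urllib.parse import unquote

# Subset of the rules above: script file name -> (rule name, BugTraq ID).
WATCHED = {
    "apexec.pl": ("Apexec CGI Request", 2338),
    "faqmanager.cgi": ("Faqmanager.cgi Request", 3810),
    "ftp.pl": ("Ftp CGI Request", 1471),
    "newsdesk.cgi": ("Newsdesk.cgi Request", 2172),
    "nph-test-cgi": ("Nph-test-cgi Request", 686),
    "pagelog.cgi": ("Pagelog.cgi Request", 1864),
    "store.cgi": ("Store.cgi Request", 2385),
}

# Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample entries (documentation address ranges), one per line.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2002:10:01:02 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [30/Jul/2002:10:01:09 -0700] "GET /cgi-bin/store.cgi?page=index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [30/Jul/2002:10:01:11 -0700] "GET /cgi-bin/NPH-TEST-CGI HTTP/1.0" 404 209',
    '203.0.113.5 - - [30/Jul/2002:10:02:30 -0700] "POST /cgi-bin/ftp%2Epl/extra HTTP/1.0" 200 88',
    '192.0.2.10 - - [30/Jul/2002:10:03:00 -0700] "GET /docs/store.cgi.html HTTP/1.0" 200 300',
]

def match_line(line):
    """Return an alert dict if the entry requests a watched script, else None."""
    m = CLF.match(line)
    if m is None:
        return None  # not a CLF request entry; nothing to match on
    client, when, method, target, status = m.groups()
    # Drop the query string, then decode %xx so an encoded name still matches.
    path = unquote(target.split("?", 1)[0]).lower()
    # Check every segment: CGI PATH_INFO may follow the script name.
    for segment in path.split("/"):
        if segment in WATCHED:
            rule, bid = WATCHED[segment]
            return {"rule": rule, "bid": bid, "client": client, "time": when,
                    "method": method, "status": int(status)}
    return None

def scan(lines):
    """Return alerts for all matching entries, in log order."""
    return [a for a in map(match_line, lines) if a is not None]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The recorded status code helps triage: a 404 means the script is not present on the server, while a 200 on a watched script warrants checking whether that script is installed and still needed.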

Last modified on: Wednesday, 31-Jul-02 15:53:28