The RAZOR Security Team Sponsored by BindView

VLAD The Scanner

Vulnerability Information

2.  Vulnerable CGI programs and application extensions (e.g., ColdFusion) installed on web servers.

Most web servers support Common Gateway Interface (CGI) programs to provide interactivity in web pages, such as data collection and verification.  Many web servers come with sample CGI programs installed by default.

Versions Affected:  Any web server with CGI support

CVE Entry:  

Sample CGI Programs: CAN-1999-0736, CVE-1999-0067, CVE-1999-0068, CVE-1999-0270, CVE-1999-0346, CVE-2000-0207

CGI Vulnerabilities not including sample programs:  CAN-1999-0467, CAN-1999-0509, CVE-1999-0021, CVE-1999-0039, CVE-1999-0058, CVE-1999-0147, CVE-1999-0148, CVE-1999-0149, CVE-1999-0174, CVE-1999-0177, CVE-1999-0178, CVE-1999-0237, CVE-1999-0262, CVE-1999-0279, CVE-1999-0771, CVE-1999-0951, CVE-2000-0012, CVE-2000-0039, CVE-2000-0208

ColdFusion Sample Program Vulnerabilities:  CAN-1999-0455, CAN-1999-0922, CAN-1999-0923

ColdFusion Other Vulnerabilities:  CAN-1999-0760, CVE-2000-0057

Details:  VLAD the Scanner not only scans for each of the CGI vulnerabilities identified by SANS, it also scans for additional CGI vulnerabilities that are considered security issues.  Click here to see a complete list of all the CGI vulnerabilities that VLAD scans for.

Recommendations: Some general recommendations can be made to deal with CGI issues.  Do not run web servers as root.  Remove all sample scripts. Educate your staff to write safer CGI scripts.  Run web servers in a chroot()ed environment to protect against unknown exploits.
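As an added illustration of the "write safer CGI scripts" recommendation (example code written for this page, not part of VLAD or the RAZOR materials), the following minimal CGI handler validates its one parameter after URL decoding against an allow-list and runs the lookup program with an argument vector, never through a shell. The parameter name "user" and the use of "getent passwd" as a stand-in for a site's own lookup program are assumptions.

```python
#!/usr/bin/env python3
"""Added example (not part of VLAD or the RAZOR page): a small CGI handler
that validates its input against an allow-list after decoding and never
hands user data to a shell, the two mistakes behind most CGI advisories."""
import os
import re
import subprocess
import sys
import urllib.parse

# Allow-list for the assumed 'user' parameter: only characters a real
# account name contains, and no leading '-' so the value cannot be read as
# an option by the program it is passed to. Rejecting everything else is
# safer than trying to enumerate every shell metacharacter.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")

def validate_username(value: str) -> bool:
    """True only if the whole (already URL-decoded) value matches."""
    return USERNAME_RE.fullmatch(value) is not None

def lookup_argv(user: str) -> list:
    """Argument vector for exec-style execution with no shell involved.
    'getent passwd' is an assumed stand-in for the site's lookup program."""
    if not validate_username(user):
        raise ValueError("rejected user parameter")
    return ["getent", "passwd", user]

def handle_request(query_string: str, execute: bool = True):
    """Parse QUERY_STRING, validate after decoding, return (status, body).
    With execute=False the command is built but not run (for testing)."""
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    user = params.get("user", [""])[0]   # percent-decoding happens here
    if not validate_username(user):
        return 400, "Bad Request: invalid user parameter\n"
    argv = lookup_argv(user)
    if not execute:
        return 200, " ".join(argv) + "\n"
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return 200, proc.stdout or "no such user\n"

if __name__ == "__main__":
    status, body = handle_request(os.environ.get("QUERY_STRING", ""))
    sys.stdout.write("Status: %d\r\nContent-Type: text/plain\r\n\r\n%s"
                     % (status, body))
```

Note that a check applied before decoding would pass "user=bob%3Bls" while the program later sees "bob;ls"; validating the decoded value closes that gap.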

Additional Information:

http://www.cert.org/advisories/CA-96.11.interpreters_in_cgi_bin_dir.html

http://www.cert.org/advisories/CA-97.07.nph-test-cgi_script.html

http://www.cert.org/advisories/CA-96.06.cgi_example_code.html

http://www.cert.org/advisories/CA-97.12.webdist.html

http://www-4.ibm.com/software/developer/library/secure-cgi

http://www.cert.org/tech_tips/cgi_metacharacters.html

http://www.cert.org/advisories/CA-97.24.Count_cgi.html

http://www.sans.org/topten.htm



Contact: info@razor.bindview.com