Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:824 |
Message | WEB-CGI php.cgi access |
Summary | A remote user has tried access the php.cgi script. Some versions of this script can allow access to any file the server can read. |
Impact | Information disclosure. |
Detailed Information | Because of a design problem in this version of PHP/FI, remote users are able to access any file that the UID of the http process has access to. The exploit is a simple web request for the file and can be used with malicious intent. |
Affected Systems | PHP/FI 2.0 |
Attack Scenarios | An attacker can simply pass a file name to the script and be able to view the file if the web server has access to it. This can be used to obtain passwords or other sensitive information. Example: http://somewebserver/php.cgi?/path/to/desired/file |
Ease of Attack | Simple. |
Corrective Action | Upgrade or remove the file php.cgix |
Additional References | Arachnids: http://www.whitehats.com/info/IDS232 Bugraq: http://www.securityfocus.com/bid/2250 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0238 |
Rule References | arachnids: 232 bugtraq: 2250 bugtraq: 712 cve: 1999-0238 cve: 1999-058 nessus: 10178 |
--
DID:312665
--
http://www.aanval.com/