504726 : Unauthorized Access via Web Server (/catinfo)

Risk 5 : Web Services

Local and remote users may be able to execute arbitrary commands on the HTTP server with the privileges of the httpd daemon. This may be used to compromise the HTTP server and, under certain configurations, gain privileged access.

The Hypertext Transport Protocol (HTTP) allows a client to access HTML pages and other web applications using a web browser. HTTP servers contain programs called CGI scripts which perform functions on the server at the request of the client (when a form is submitted, for example) and transmit results to the client's browser in the form of an HTML page.

For those interested in reading more about general WWW security and secure http://hoohoo.ncsa.uiuc.edu/cgi/ CGI programming, visit the http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html World Wide Web Security FAQ.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Coorporation : 2010-04-01
New Search
Keywords
Risk Factor
Start Date
End Date
Browse