Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 20275 - Apache should not be distributed with any default cgi
Apache should not be distributed with any default cgi
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: apache (Show other bugs)
7.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Dale Lovelace
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-03 05:39 EST by Arenas Belon, Carlo Marcelo
Modified: 2007-03-26 23:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-10 13:27:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Arenas Belon, Carlo Marcelo 2000-11-03 05:39:25 EST 
apache's package is bundled with two "test" (default) cgi installed that
are remotely accesible on :

  http://servername/cgi-bin/printenv
  http://servername/cgi-bin/test-cgi

they are not currently enabled (as no +x bit is set) but they would send an
"Internal Server Error" message on excecution, letting a remote 
cracker to diferenciate between 7.0 and 6.x systems.

also, installing non functional scripts is problematic as explained on
#20270, but those scripts are of no utility and should be avoided when
possible as have been used as a remote breaking tool at least once on the
past.

as there is no reference of the reason why it are now enabled i guess it
should be on error, so a fix should be made.
Comment 1 Arenas Belon, Carlo Marcelo 2001-01-10 13:27:23 EST 
prinenv and test-cgi are still on apache-1.3.14-6 from beta2
Comment 2 Nalin Dahyabhai 2001-01-11 21:40:43 EST 
They will be moved from the cgi-bin directory to the documentation tree in
1.3.14-7 and later.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.