Signature Detail

HTTP: test.cgi Files Listing

This signature detects attempts to access the script test.cgi. Attackers can use script to obtain file listings on the server.

Extended Description

NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This could be used to gain information to facilitate future attacks. This is identical to a problem with another sample script, nph-test-cgi. See references.

Affected Products

• Apache Software Foundation Apache 0.8.11
• Apache Software Foundation Apache 0.8.14
• Apache Software Foundation Apache 1.0.0
• Apache Software Foundation Apache 1.0.2
• Apache Software Foundation Apache 1.0.3
• Apache Software Foundation Apache 1.0.5
• NCSA httpd 1.3.0
• NCSA httpd 1.4.0
• NCSA httpd 1.4.1
• NCSA httpd 1.4.2
• NCSA httpd 1.5.0 a-export
• NCSA httpd 1.5.1
• NCSA httpd 1.5.2
• NCSA httpd 1.5.2 a

References

• BugTraq: 2003
• CVE: CVE-1999-0070