Description

A test CGI (Common Gateway Interface) script was found on this server. The response page returned by this CGI script is leaking a list of server environment variables.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.

Remediation

Restrict access to this CGI file or remove it from your system.

References

CGI

Related Vulnerabilities

WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)

Delve Debugger Unauthorized Access Vulnerability

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Download (1.3.26)

Atlassian Confluence Stored Cross Site Scripting

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure