Description

A test CGI (Common Gateway Interface) script was found on this server. The response page returned by this CGI script is leaking a list of server environment variables.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.

Remediation

Restrict access to this CGI file or remove it from your system.

References

CGI

Related Vulnerabilities

SVN Detected

JBoss Seam remoting vulnerabilities

SQLite Database File Found

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure