nph-publish.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Mathieu Perrin <mathieu@tpfh.org>
#
# See the Nessus Scripts License for details
#

if(description)
{
 script_id(10164);
 script_bugtraq_id(2563);
 script_version ("$Revision: 38 $");
 script_cve_id("CVE-1999-1177", "CVE-2001-0400");
 
 name["english"] = "nph-publish.cgi";
 name["francais"] = "nph-publish.cgi";
 script_name(english:name["english"], francais:name["francais"]);

 desc["english"] = "The 'nph-publish.cgi' is installed. This CGI has
 a well known security flaw that lets an attacker to execute arbitrary
 commands with the privileges of the http daemon (usually root or nobody).

Solution :  remove it from /cgi-bin.

Risk factor : High";

desc["francais"] = "Le cgi 'nph-publish.cgi' est install