835.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:
--
Sid:
835

--
Summary:
This event is generated when an attempt is made to 
access to the cgi script test-cgi.

--
Impact:
Information disclosure.

--
Detailed Information:
The test-cgi script is provided as part of the Apache web server to
test that cgi scripts are working.  It can provide vital information
about the configuration of your webserver that may be invaluable to a
potential attacker.

--
Affected Systems:
	All versions of Apache.
 
--
Attack Scenarios:
A standard web request using a browser.

lynx http://victim/cgi-bin/test-cgi

$ telnet victim 80
Trying 192.168.0.2...
Connected to victim.
Escape character is '^]'.
GET /cgi-bin/test-cgi HTTP/1.0

--
Ease of Attack:
Simple. Exploit software is not required.

--
False Positives:
This may trigger on urls containing test-cgi, but are not necessarily
indicative of an attack.  For example,
http://myhost.org/home/foobar/test-cgi.txt would trigger this rule.

--
False Negatives:
None Known

--
Corrective Action:
Determine the need for this script, and remove it if there is no need.

--
Contributors:
Original rule writer unknown
Snort documentation contributed by Jon Hart <warchild@spoofed.org>
Sourcefire Vulnerability Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--