SuSE Apache CGI Source Code Viewing Vulnerability

Solution:
The offending entry in /etc/httpd/httpd.conf may be commented out with a '#':

#Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/

Alternatively, the line may be changed to:

ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/

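After making either change, stop and restart the server. With the ScriptAlias form, CGI scripts under /cgi-bin-sdb/ are executed rather than served as files, so they can be run but their source can no longer be read.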
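
The following audit script is an added example, not part of the original advisory. It scans httpd.conf text for active plain Alias entries whose target overlaps a directory that is also mapped with ScriptAlias, which is the condition described above. The sample configuration is constructed; only the /cgi-bin-sdb/ line comes from the advisory, and the /cgi-bin/ and /icons/ entries are assumptions.

```python
import posixpath
import re

# Constructed sample; only the /cgi-bin-sdb/ line comes from the advisory.
SAMPLE_CONF = """\
ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
Alias /icons/ /usr/local/httpd/icons/
Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
#Alias /old-cgi/ /usr/local/httpd/cgi-bin/
"""

DIRECTIVE = re.compile(r'^\s*(Alias|ScriptAlias)\s+(\S+)\s+"?([^"\s]+)"?\s*$', re.I)


def parse_aliases(conf_text):
    """Return (lineno, directive, url_prefix, fs_path) for active Alias/ScriptAlias lines."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are inactive
        m = DIRECTIVE.match(line)
        if m:
            # normpath drops trailing slashes so equal directories compare equal
            found.append((lineno, m.group(1).lower(), m.group(2),
                          posixpath.normpath(m.group(3))))
    return found


def _inside(path, parent):
    """True if path equals parent or lies beneath it."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def exposed_cgi_aliases(conf_text):
    """Flag plain Alias entries that overlap a directory also mapped by ScriptAlias."""
    entries = parse_aliases(conf_text)
    script_dirs = [fs for _, kind, _, fs in entries if kind == "scriptalias"]
    return [(lineno, url, fs)
            for lineno, kind, url, fs in entries
            if kind == "alias"
            and any(_inside(fs, s) or _inside(s, fs) for s in script_dirs)]


if __name__ == "__main__":
    for lineno, url, fs in exposed_cgi_aliases(SAMPLE_CONF):
        print(f"line {lineno}: Alias {url} maps CGI directory {fs} without ScriptAlias")
```

An empty result after editing the file indicates that no active plain Alias still points into a ScriptAlias directory.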

Copyright 2010, SecurityFocus