WAF 393134

From Atomicorp Wiki
Revision as of 12:50, 27 February 2015 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 393134
Status Active
Alert Message Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access

Contents

Description

This rules detects access to either the test.cgi or test.fcgi scripts.

Some versions of test scripts contain serious security vulnerabilities that allow attackers to compromise the system. Specifically, the test.cgi and test.fcgi scripts are known examples of this, and have been used by attackers for decades to compromise vulnerable systems.

These scripts can also be used to carry out recon attacks on the system, listing files, system configurations and gathering other information attackers can use to compromise the system.

This by itself may not be an attack if this action is being carried out by a trusted user.

Troubleshooting

False Positives

A false positive can occur when a request legitimately uses this web application. If you want to allow the use of this script, simply disable this rule.

If you believe this is a false positive, first check to see if the request was for "test.cgi" or "test.fcgi". If it was, then this is not a false positive. The rule is performing exactly as intended. If you wish to allow access to this script, simply disable this rule.

If the request was not for "test.cgi" or "test.fcgi", please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for basic information.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

Personal tools