Rule: -- Sid: 835 -- Summary: This event is generated when an attempt is made to access to the cgi script test-cgi. -- Impact: Information disclosure. -- Detailed Information: The test-cgi script is provided as part of the Apache web server to test that cgi scripts are working. It can provide vital information about the configuration of your webserver that may be invaluable to a potential attacker. -- Affected Systems: All versions of Apache. -- Attack Scenarios: A standard web request using a browser. lynx http://victim/cgi-bin/test-cgi $ telnet victim 80 Trying 192.168.0.2... Connected to victim. Escape character is '^]'. GET /cgi-bin/test-cgi HTTP/1.0 -- Ease of Attack: Simple. Exploit software is not required. -- False Positives: This may trigger on urls containing test-cgi, but are not necessarily indicative of an attack. For example, http://myhost.org/home/foobar/test-cgi.txt would trigger this rule. -- False Negatives: None Known -- Corrective Action: Determine the need for this script, and remove it if there is no need. -- Contributors: Original rule writer unknown Snort documentation contributed by Jon Hart <warchild@spoofed.org> Sourcefire Vulnerability Research Team Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --