Ok, how do I disable it?

Ty

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/24/99, 7:35:14 PM, "James J. Capone" <[EMAIL PROTECTED]> wrote 
regarding [newbie] FW: Redhat 6.0 cachemgr.cgi lameness:


> This could also go for Mandrake 6.0 that same file is in the cgi-bin
> directory. Cover yourselves...

> James J. Capone

> *******************
> Webmaster http://www.linuxuser.8m.com
> Webmaster http://www.teammajestic.8m.com
> Asst. Webmaster http://www.ptm.com
> Co-Author: Linux For Newbies

> "Even Common People Can Attain Uncommon Results"

> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: Friday, July 23, 1999 7:37 PM
> To:   [EMAIL PROTECTED]
> Subject:      Redhat 6.0 cachemgr.cgi lameness

> Hi... After installing Redhat 6.0, I looked around a bit and I
> noticed something interesting:
> In /home/httpd/cgi-bin there is a CGI program called cachemgr.cgi,
> and it can be accessed by remote users by default.
> So I went to look at it, and I noticed that what it does is it
> lets any user connect to any hostname/port he/she chooses via the
> interface it provides.. and then see the connection results -
> if the connection was not successful it prints out the full connect() error;
> otherwise it just stays frozen, waiting for HTTP data, or httpd might
> give you an "Internal Server Error" - Both of those mean that a connection
> has been established.
> This is what it looks like from lynx:

>                             Cache Manager Interface

>    This is a WWW interface to the instrumentation interface for the Squid
>    object cache.
>      _________________________________________________________________

>    Cache Host: localhost_____________________
>    Cache Port: 3128__________________________
>    Manager name: ______________________________
>    Password: ______________________________

>    Continue...

> This is, obviously, not good, because this CGI program can be used as a
> powerful portscanning or a denial of service tool. I suggest that Redhat
> 6.0 users check to see if they have it, and then disable it if they do.

> - Daniel ([EMAIL PROTECTED])
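
One way to carry out the "check to see if they have it, and then disable it" advice in the quoted post, as an added example that is not part of the original thread. It assumes the CGI keeps the file name cachemgr.cgi and treats removing its permission bits as sufficient; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): find and disable cachemgr.cgi.
# Assumption: the CGI keeps the file name cachemgr.cgi; the default directory
# is the /home/httpd/cgi-bin path named in the post.
CGI_NAME="cachemgr.cgi"
DEFAULT_DIR="/home/httpd/cgi-bin"

# cachemgr_status [DIR] prints: absent | disabled | exposed
# "exposed" = the file exists and still has an execute bit set, so the web
# server can run it as a CGI program for remote users.
cachemgr_status() {
    target="${1:-$DEFAULT_DIR}/$CGI_NAME"
    if [ ! -f "$target" ]; then
        echo absent
    elif [ -n "$(find "$target" -prune \( -perm -100 -o -perm -010 -o -perm -001 \) -print)" ]; then
        echo exposed
    else
        echo disabled
    fi
}

# cachemgr_disable [DIR] strips every permission bit from the file so httpd
# can neither read nor execute it. Returns 0 if the file ends up absent or
# disabled, 1 if it is still exposed (for example, chmod was not permitted).
cachemgr_disable() {
    dir="${1:-$DEFAULT_DIR}"
    if [ "$(cachemgr_status "$dir")" = exposed ]; then
        chmod 000 "$dir/$CGI_NAME" 2>/dev/null
    fi
    [ "$(cachemgr_status "$dir")" != exposed ]
}

# Report only; call cachemgr_disable yourself (as root) to change anything.
# A later package upgrade may restore the file, so re-run the check afterwards.
echo "cachemgr.cgi in $DEFAULT_DIR: $(cachemgr_status)"
```

Run `cachemgr_disable` with no argument for the default path, or pass another cgi-bin directory (for example on a Mandrake 6.0 install) as the first argument.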

