> I am going up against what looks like a standard Apache install with the > following mods: > > Apache/1.3.22 (unix) mod_perl/1.26 mod_fastcgi mod_ssl/2.8.5 > OpenSSL/0.9.6b > > I am not too experienced with Apache (and IIS is so easy). I have used > the test-cgi and printenv scripts to gain some info. My question is, > what are the vulnerabilities with the standard install (still has the > Apache "Welcome" message)? Do the mods have any exploitable weaknesses? > What are the default cgi-bin scripts (are there any)? I was able to use > this server as a proxy which got me past their firewall though. :) > > Sorry for the basic question. Any help would be appreciated.
off a default 1.3.22 install /usr/local/apache/cgi-bin/printenv /usr/local/apache/cgi-bin/test-cgi you really should get access to a unix box in order to install packages like this. will greatly assist you in figuring out default settings. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
