CGI aglimpse
advICE :Intrusions : 2002503

Summary

An attempt has been made to execute aglimpse, which is a program with known vulnerabilities.

Details

The intruder is scanning the web server on the system looking for potential vulnerabilities in the "dynamic content generation" portion of the web server. This feature of the web server runs a separate program to create web pages when users access the site.

There are hundreds of such programs that have security bugs in them. In this instance, a hacker is browsing the web server looking for one of these programs. Most of the hacking you read about in the news is due to hackers exploiting these programs and "defacing" the web site.

More information can be found under cgi-bin exploits.

Defense

If this script is visible to the outside world, you should remove it from the directory.

Remove all dynamic content that isn't absolutely necessary to run the web site. Double-check the scripts that you do use in order to verify that they won't permit a security breach.

More details

This attack is a standard PERL metacharacter CGI attack. This means that this is a CGI script written in PERL. The PERL program passes "tainted" user input directly to the shell interpreter.

parametric information URL The suspicious URL. accessed Indicates whether the URL was successfully accessed. code The HTTP return code. arg The argument to the GET command (if any).

 
Version appeared: