Bug#231665: general: default scripts in /cgi-bin/ for webservers

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#231665: general: default scripts in /cgi-bin/ for webservers
From: Thilo Pfennig <tp@alternativ.net>
Date: Sun, 08 Feb 2004 08:21:41 +0100
Message-id: <[🔎] E1ApjG9-0003LF-00@guru>
Reply-to: Thilo Pfennig <tp@alternativ.net>, 231665@bugs.debian.org

Package: general
Severity: normal
Tags: security

Hi, the files /usr/lib/cgi-bin/printenv and /usr/lib/cgi-bin/test-cgi are normally installed with Apaches. But they present information to every webuser, that schould not be public. I would suggest not to put them into /cgi-bin/ by default. I suppose updating a systems leads to reinstallation of those files if they are deleted before?

Thilo Pfennig

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux guru 2.6.0-1-386 #1 Tue Dec 23 17:54:12 EST 2003 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Reply to:

Prev by Date: Re: Library packages depending on data files
Next by Date: Re: debconf4: converting auto-cad shematics - help needed
Previous by thread: Bug#231651: ITP: minit -- Small but powerful init system
Next by thread: Bug#231721: ITP: dcraw-gimp -- GIMP plugin for loading RAW digital photos
Index(es):
- Date
- Thread