Conditions préalables
The web server is susceptible to one of the various web application exploits that allows for uploading a shell file.
Atténuations
Make sure your web server is up-to-date with all patches to protect against known vulnerabilities.
Ensure that the file permissions in directories on the web server from which files can be execute is set to the "least privilege" settings, and that those directories contents is controlled by an allowlist.
Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
|
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
|
Command Shell in Externally Accessible Directory A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server. |
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2018-05-31 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Mitigations, Taxonomy_Mappings |
CAPEC Content Team |
The MITRE Corporation |
2020-12-17 +00:00 |
Updated Mitigations |