Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The Oracle Application Server test-cgi Page module is designed to detect misconfigurations or vulnerabilities in the Oracle Application Server. It targets the test-cgi page and checks for specific conditions to determine if there is a potential issue. The severity of this module is classified as informative, meaning it provides valuable information but may not indicate a critical vulnerability. This module was authored by DhiyaneshDk.
The impact of a misconfiguration or vulnerability in the Oracle Application Server test-cgi page can vary depending on the specific issue detected. It could potentially expose sensitive information or allow unauthorized access to the server. It is important to address any identified issues to ensure the security and integrity of the Oracle Application Server.
The Oracle Application Server test-cgi Page module works by sending a GET request to the "/cgi-bin/test-cgi" path of the server. It then applies a series of matching conditions to determine if the server is configured correctly and if any vulnerabilities are present.
The matching conditions for this module are as follows:
- The response body must contain the string "SERVER_SOFTWARE =". - The response header must contain the string "text/plain". - The HTTP status code must be 200.If all of these conditions are met, the module will report a potential misconfiguration or vulnerability in the Oracle Application Server test-cgi page.