Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
FastCGI Unauthorized Access Vulnerability - Vulnerability Database

FastCGI Unauthorized Access Vulnerability

Description

FastCGI is a binary protocol for interfacing interactive programs with a web server. FastCGI is a variation on the earlier Common Gateway Interface (CGI).

If the FastCGI port is exposed, attackers can construct and send binary FastCGI packets to execute arbitrary commands.

It was confirmed that the FastCGI port 9000 is publicly accessible.

Remediation

The FastCGI port should not be publicly accessible. FastCGI should be configured to listen only on the local interface (127.0.0.1) or to use a unix socket.

References

FastCGI Specification

Related Vulnerabilities

Check for apache versions up to 1.3.25, 2.0.38 High
Common tags: Code Execution
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) High
Common tags: Code Execution
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) High
Common tags: Code Execution
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) High
Common tags: Code Execution
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) High
Common tags: Code Execution

Severity

High

Classification

CWE-78
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution