HCX - Security Scan reports test-cgi vulnerability


Article ID: 377006


Updated On:

Products

VMware HCX

Issue/Introduction

  • Security scans against HCX Manager detect "/cgi-bin/test-cgi" with an HTTP 200 response, which is flagged as a potential vulnerability.

      /cgi-bin/test-cgi
      Running HTTPS service
      Product HTTPD exists -- Apache HTTPD
      HTTP GET request to https://<HCX-IP>/cgi-bin/test-cgi
      HTTP response code was an expected 200

Environment

HCX

Cause

The CGI module is disabled in the Apache configuration. However, when a security scanner scans the cgi-bin directory, it still receives an HTTP 200 response because the directory exists, and it incorrectly flags this as a potential threat or vulnerability. This is a false positive and does not indicate a security issue.
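
One way to check a scanner hit like this before closing it as a false positive, added here as an example and not taken from VMware's tooling: look at the response body and the Apache module configuration, not only the status code. The function names, verdict strings and sample data are constructed; the banner text is what Apache's sample test-cgi script prints when it actually runs.

```shell
#!/bin/sh
# Added example: triage a scanner hit on /cgi-bin/test-cgi.
# Function names, verdict strings and sample data are constructed here.

# Succeeds if the Apache configuration text on stdin has an uncommented
# LoadModule line for mod_cgi or mod_cgid.
cgi_module_loaded() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+(cgi|cgid)_module[[:space:]]'
}

# Succeeds if the response body on stdin carries the banner that Apache's
# sample test-cgi script prints when it really executes.
body_is_test_cgi_output() {
    grep -q 'CGI/1.0 test script report'
}

# triage STATUS BODY_FILE CONF_FILE: print one verdict for the finding.
# BODY_FILE and STATUS can be captured with, for example:
#   curl -s -o body.txt -w '%{http_code}' "https://<HCX-IP>/cgi-bin/test-cgi"
# CONF_FILE is the Apache configuration copied from the appliance; if it
# uses Include directives, concatenate the included files first.
triage() {
    status=$1 body=$2 conf=$3
    if [ "$status" != "200" ]; then
        echo "not-reachable"          # nothing answered with 200
    elif body_is_test_cgi_output < "$body"; then
        echo "script-executing"       # real finding: test-cgi ran
    elif cgi_module_loaded < "$conf"; then
        echo "cgi-enabled-review"     # CGI is on; inspect cgi-bin contents
    else
        echo "false-positive"         # 200 without CGI execution
    fi
}

# Constructed sample matching the case this article describes.
demo=$(mktemp -d)
printf '#LoadModule cgi_module modules/mod_cgi.so\n' > "$demo/httpd.conf"
printf 'constructed placeholder body\n' > "$demo/body.txt"
triage 200 "$demo/body.txt" "$demo/httpd.conf"
rm -rf "$demo"
```

Only the "false-positive" verdict corresponds to the situation described in this article; the other verdicts mean the finding needs a closer look.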

Resolution

This issue will be resolved in future HCX releases.

 

Workaround:

  • Back up HCX Manager.
  • Remove the folder /etc/httpd/cgi-bin from HCX Manager.