/cgi-bin/test-cgi
Running HTTPS service
Product HTTPD exists -- Apache HTTPD
HTTP GET request to https://<HCX-IP>/cgi-bin/test-cgi
HTTP response code was an expected 200
HCX
The CGI module is disabled in the Apache configuration. However, when a security scanner scans the cgi-bin directory, it still receives an HTTP 200 response because the directory exists. This results in an incorrect flagging of a potential threat or vulnerability. This is a false positive and does not indicate a security issue.
This issue is resolved in VMware HCX 4.11 available at Broadcom Downloads
Workaround: