PCI compliance failed for CGI Generic Command Execution (time-based)

  • Question

  • Hi

    I have a website which is running on an IIS server. When a PCI scan is run over the website, the PCI scan sends an error as below

    TCP      443  

    Title: CGI Generic Command Execution (time-based)

    Synopsis: It may be possible to run arbitrary code on the remote web server.

    Impact: The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.

    See also :

    The security hole is on TCP 443 and not on HTTP?

    I have already implemented a check on all the POST data. If it contains characters or words like "<", ">", "Script", I return a 403 Forbidden error. Should I add more words / characters to this list?

    Can someone suggest how I need to fix it?


    Umesh

    • Moved by CoolDadTx Thursday, August 30, 2018 9:09 PM ASP.NET related
    Thursday, August 30, 2018 11:35 AM
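
An added illustration, not part of the original post: the block list described in the question (rejecting "<", ">" and "Script") is run over constructed request values next to an allowlist check, to show which inputs each one accepts. The `host` parameter, the helper names, the case-insensitive matching and the sample values are assumptions made for this sketch.

```csharp
using System;
using System.Text.RegularExpressions;

static class InputChecks
{
    // Block list as described in the question. Case-insensitive matching is an assumption.
    static readonly string[] Blocked = { "<", ">", "Script" };

    public static bool PassesBlockList(string value)
    {
        foreach (string token in Blocked)
        {
            if (value.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                return false; // the application would answer 403 here
        }
        return true;
    }

    // Allowlist for a hypothetical "host" parameter: only letters, digits,
    // dots and hyphens, 1 to 253 characters, anchored to the whole string.
    static readonly Regex HostPattern =
        new Regex(@"\A[A-Za-z0-9.-]{1,253}\z", RegexOptions.CultureInvariant);

    public static bool PassesAllowList(string value)
    {
        return value != null && HostPattern.IsMatch(value);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample values, not taken from any scan report.
        string[] samples =
        {
            "example.com",
            "<script>alert(1)</script>",
            "example.com & echo injected",
            "example.com | echo injected",
            "example.com; echo injected",
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-30} blocklist={1,-5} allowlist={2}",
                s, InputChecks.PassesBlockList(s), InputChecks.PassesAllowList(s));
        }
    }
}
```

The three values containing command separators pass the block list and fail the allowlist, because the allowlist checks each parameter against the format it is expected to have instead of against a list of known-bad strings.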

All replies