back to article Cisco patch day fixes CGI script blunder, hard-coded credentials

If you've got a Cisco Unified Computing System or a Firepower 9000 Series appliance, get busy patching. The Borg says it slipped up and let a CGI script make unprotected calls to shell commands. By fooling around with the URL, an attacker would be able to send arbitrary commands to the affected kit. All versions of UCS …

  1. Hans 1 Silver badge
    Facepalm

    WTF???? CGI ????

    https://www.w3.org/Security/faq/wwwsf4.html

    Some 17 years ago, w3 warned about the potential security hole CGI represents. 17 years AGO!!!!!!!

    1. teknopaul Silver badge

      Re: WTF???? CGI ????

      Better tell that to Facebook, lamp stack uses (fast)cgi, as do lots of other Web frameworks, the notion that scripts are insecure does not sit well with the JavaScript community. That link recommends C for Web facing code, me ☺ its a tad out of date

  2. teknopaul Silver badge

    where is vulture south?

    That OZ? we get 300mbs as standard domestic adsl in Barcelona

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019