
GSNA Question #248: Real Exam Question with Answer & Explanation

The correct answers are A, C, and D:

  • A. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other
  • C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  • D. This vulnerability helps in a cross site scripting attack.

Question

John works as a professional Ethical Hacker. He has been assigned a project to test the security server. The output of the scanning test is as follows:

  = - = - = - =
  = Host: target_IP_address
  = Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
  + 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Options

  • A. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other
  • B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful
  • C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  • D. This vulnerability helps in a cross site scripting attack.

Explanation

'Printenv' vulnerability allows an attacker to input specially crafted links and/or other malicious it!)</script> Since 'printenv' is just an example CGI script (it comes with various versions of the Apache Web server) that has no real use and has its own problems, there is no problem in

Answer: B is incorrect. 'Printenv' does not maintain any log file of user activities.
