Code: p86

Severity: Notice


Description: Some versions of IRIX with SoftWindows installed ship by default with a CGI program called "reg_echo.cgi" which returns information about the server's hardware. This information could be used by an attacker to hone further attacks on the machine. The information returned is roughly identical to that given by the MachineInfo script, also installed by default.

Impact: Servers containing the Reg_Echo script.

Corrective: Remove the "reg_echo.cgi" script from the CGI-BIN directory of your web server.