HTTP_bin/python access attempt


Code: p643

Severity: Warning


Description: Attempted /bin/python access via web

Impact: Attempt to execute a python script on a host.

Corrective: Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. Python may also be requested on a command line should the attacker gain access to the machine. Whenever possible, all python scripts on the host should be written using the restriceted access mode. This forces Python to execute the scripts in a "sandbox" which will disallow unsafe operations in the code.