HTTP_mail command attempt


Code: p658

Severity: Warning


Description: This event is generated when execution of a "mail" command using the path /bin/mail is attempted via HTTP.

Impact: Possible intelligence gathering. This may be an attempt to gain information using mail to access sensitive files on a webserver.

Corrective: Webservers should not be allowed to view or execute files and binaries outside of its designated web root or cgi-bin. This command may also be requested on a command line should the attacker gain access to the machine. Non-essential binaries should be removed from a webserver once it is in production.