John works as a professional Ethical Hacker. He has been assigned a project to test the security
of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure
server.
The output of the scanning test is as follows:
C.\whisker.pl -h target_IP_address
— whisker / v1.4.0 / rain forest puppy / www.wiretrip.net — = – = – = – = – =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability (‘Printenv’ vulnerability) in the We_are_secure server.
Which of the following statements about ‘Printenv’ vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

A.
The countermeasure to ‘printenv’ vulnerability is to remove the CGI script.

B.
‘Printenv’ vulnerability maintains a log file of user activities on the Website, which may be useful
for the attacker.

C.
With the help of ‘printenv’ vulnerability, an attacker can input specially crafted links and/or other
malicious scripts.

D.
This vulnerability helps in a cross site scripting attack.

Explanation: