Search Engine: Elastic

Article ID: 117891, created on Oct 11, 2013, last review on Oct 11, 2013

  • Applies to:
  • Operations Automation


Through perl scripts, end customers can acquire some information on the Windows web hardware node. Is it safe?


After a thorough investigation by the security team , it was determined, that it is possible to run some commands, but it is allowed to the web user - which is the meaning of CGI, when the user is allowed to run commands. Even if it would be prohibited to run specific command(ipconfig e.g), it would still be possible to gather the same information using pure Perl and Windows-specific modules, e.g.:

To restrict Perl completely, it is possible to leave only ASP.NET on the node and remove other scripting packages. You would need to do the following:

  1. In POA PP, go to Deployment Director > Server Manager > <Hardware_node> > Packages,
  2. Remove ActivePerl package,
  3. Access the node, and remove ActivePerl through Win+R > appwiz.cpl.

The same can be done with PHP packages and application.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF