Protecting Against Command Execution Attacks

If an attacker can execute arbitrary code on your servers, your systems are almost certainly going to be compromised. You need to take great care when designing how your web server interacts with the underlying operating system.

Risks

Prevalence
Common
Rating prevelance on Rating prevelance on Rating prevelance on
Exploitability
Moderate
Rating exploitability on Rating exploitability on Rating exploitability on
Impact
Devastating
Rating impact on Rating impact on Rating impact on

Remote code execution is a major security lapse, and the last step along the road to complete system takeover. After gaining access, an attacker will attempt to escalate their privileges on the server, install malicious scripts, or make your server part of a botnet to be used at a later date.

Command injection vulnerabilities often occur in older, legacy code, such as CGI scripts.