Pre-processing on the server side is often required to check users authentication when working in CGI mode. Those preliminary actions can also
position diverse configuration parameters necessary for the CGI script to work correctly.
What is the potential impact?
CGI scripts might behave unexpectedly if the proper configuration is not set up before they are accessed.
Most serious security-related consequences will affect the authorization and authentication mechanisms of the application. When the web server is
responsible for authenticating clients and forwarding the proper identity to the script, direct access will bypass this authentication step.
Attackers could also provide arbitrary identities to the CGI script by forging specific HTTP headers or parameters. They could then impersonate any
legitimate user of the application.
