Apache includes two sample Common Gateway Interface (CGI) scripts, printenv and test-cgi. A production Web server must contain only components that are operationally necessary. These components have the potential to disclose critical information about the system to an attacker.

As a security best practice, delete the CGI scripts from the cgi-bin directory.


  • To remove test-cgi and prinenv scripts, run the rm /usr/share/doc/packages/apache2/test-cgi and rm /usr/share/doc/packages/apache2/printenv commands.