Where is CGI-BIN?

I'm trying to have my server made PCI DSS compliant.

During a PCI compliant scan, it turned up 4 security holes that deal with CGI abuses. It tells me to navigate to the CGI-BIN and remove the associated scripts. However, I was not able to find the scripts or the directory "cgi-bin". Could someone please point me in the right direction?

Here are the errors that are displayed in the scan:

Security hole found on port/service "http (80/tcp)"
Plugin "guestbook.pl"
Category "CGI abuses "
Priority "Medium Priority "

The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.

Risk factor : High

Security hole found on port/service "http (80/tcp)"
Plugin "uploader.exe"
Category "CGI abuses "
Priority "Urgent "

Synopsis : The remote web server contains a CGI script that is prone to arbitrary command execution.

Description : The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute them.
See also: http://www.nessus.org/u?4b667852
http://www.nessus.org/u?3bca098f

Solution : Verify that the affected script does not allow arbitrary uploads and remove it if it does.

Risk factor : High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:p/I:p/A:p)

Security hole found on port/service "http (80/tcp)"
Plugin "Apache::ASP source.asp"
Category "Web Servers "
Priority "Urgent "

Synopsis : The remote web server is affected by an arbitrary file creation vulnerability.

Description : The file /site/eg/source.asp is present on the remote Apache web server. This file comes with the Apache::ASP package and allows anyone to write to files in the same directory. An attacker may use this flaw to upload his own scripts and execute arbitrary commands on this host.
See also: http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html

Solution : Upgrade to Apache::ASP 1.95 or newer.

Security hole found on port/service "http (80/tcp)"
Plugin "cgiWebupdate.exe vulnerability"
Category "CGI abuses "
Priority "Medium Priority "

The CGI 'cgiWebupdate.exe' exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker can use this hole to gain access to confidential data or escalate their privileges on the web server.

Solution : remove it from the cgi-bin or scripts folder. *** As Nessus solely relied on the existence of the cgiWebupdate.exe file, *** this might be a false positive

Risk factor : High
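
An added example, not part of the original post or of the scanner's output: a shell check that lists the directories Apache maps as CGI directories and searches web roots for the four file names from the findings. The function names are hypothetical and the directories you pass in are assumptions; substitute your own Apache config directory and DocumentRoot.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; pass in your own paths.
# Typical use on the server:
#   list_script_dirs /etc/httpd /etc/apache2
#   find_flagged /var/www $(list_script_dirs /etc/httpd /etc/apache2)

# File names taken from the four scan findings above.
FLAGGED_NAMES="guestbook.pl uploader.exe source.asp cgiWebupdate.exe"

# list_script_dirs CONFDIR...
# Prints the filesystem directories that Apache ScriptAlias/ScriptAliasMatch
# directives map to, i.e. where "cgi-bin" actually lives on disk.
# Commented-out directives are ignored. Paths containing spaces are not handled.
list_script_dirs() {
    grep -rhiE '^[[:space:]]*ScriptAlias(Match)?[[:space:]]' "$@" 2>/dev/null |
        awk '{print $NF}' | tr -d '"' | sort -u
}

# find_flagged DIR...
# Prints one path per line for every file whose name matches a flagged name.
# Matching is case-insensitive because the on-disk case may differ from the
# URL the scanner requested. Missing directories are skipped.
find_flagged() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        for name in $FLAGGED_NAMES; do
            find "$root" -type f -iname "$name" 2>/dev/null
        done
    done
}

# count_flagged DIR...
# Prints the number of matches; 0 means none of the names exist on disk
# under the given directories.
count_flagged() {
    find_flagged "$@" | wc -l | tr -d ' '
}
```

A count of 0 across every web root and CGI directory means the reported files are not on disk there, which is worth recording alongside the scanner's own note that a finding based only on a file's existence may be a false positive.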