Guest Posted May 27, 2010

Hi, I'm currently using CRE Loaded PCI B2B v6.4.1a and I just had a PCI scan performed on my site. Below are the security threats I need to repair. Numbers 1 and 2 are the most critical. I read a post in the CRE Loaded.org forums to look through this site for some advice. I'm pretty new at this so if you could please bear with me and explain it, I would really appreciate it.

Here are my Discovered Security Threats:
1. TCP 110919 Open Port Re-check
2. TCP:443 500102 Cross-site scripting vulnerability in searchFor parameter to /search.php?test=query
3. TCP 504007 wireless access point detected
4. TCP:20 500073 TCP timestamp requests enabled
5. TCP:21 134324 FTP Supports Clear Text Authentication
6. TCP:443 500045 Cookie without HTTPOnly attribute can be accessed by scripts
7. TCP:443 500059 Apache ETag Header Discloses Inode Numbers

Thank you,
datoad
Guest Posted May 27, 2010

Here's a little more detail on my two critical issues:

1. Open Port Re-check
Miscellaneous :: Nessus ID 110919
Port TCP
Risk 3
One or several ports that were previously open are now closed or unresponsive. There are numerous possible causes for this failure:
- The scan may have caused a service to freeze or stop running.
- An administrator may have stopped a particular service during the scanning process.
This might be an availability problem related to the following reasons:
- A network outage has been experienced during the scan, and the remote network cannot be reached from the Vulnerability Scanner any more.
- This Vulnerability Scanner has been blacklisted by the system administrator or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment.
- The remote host is now down, either because a user turned it off during the scan or because a selective denial of service was effective.
In any case, the audit of the remote host might be incomplete and may need to be done again. The traceroute information may provide insight as to which device is interfering with the scan.
Solution:
1. Use a slower scan speed setting.
2. Disable your IPS during the scan.
3. Review packet filters on target.
Information from Target: Connections to this host from the scanner with IP address ##.##.###.## were blocked on 2010-05-23 07:05:46 (GMT). The following ports are no longer responsive: 443, 80.

2. Cross-site scripting vulnerability in searchFor parameter to /search.php?test=query
Web Services :: Saint ID 500102
Port TCP:443
Risk 3
A malicious web site could cause arbitrary commands to run on a client through a specially crafted link to the vulnerable server. In some cases, this could result in the compromise of the client's cookies, leading to unauthorized access to web applications.
Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <SCRIPT> tag and handle them accordingly. Several types of web servers and CGI programs include the user's request in their response. For example, a request for the page http://server/nonexistent_page.html may cause the server to respond: The page nonexistent_page.html does not exist on this server. By sending an HTTP request containing SCRIPT tags to such a web server, it is possible to cause the web server to return a page containing arbitrary commands which are run by the client. While it is unlikely that a user would deliberately send a request which would cause this to happen, a user could be tricked into doing so by following a specially-crafted link on another web server. This vulnerability is known as cross-site scripting. A web server which is vulnerable to cross-site scripting could be exploited by a malicious web site to trick an unsuspecting user into executing arbitrary commands on his or her own computer. One possible outcome would be for the attacker to steal cookies from the user's web browser, which often contain authentication data that could be used to gain unauthorized access to web applications.
Solution: Cross-site scripting can be fixed either by creating a customized error page which does not display the URI, or by applying one of the following fixes:
osCommerce (12/23/03) [http://www.oscommerce.com/solutions/downloads] Upgrade to osCommerce 2.2 milestone
Information from Target:
Service: https
SENT: GET /advanced_search_result.php?keywords=%3Cscript%3Ealert%28%27SAINTGXR%27%29%3C%2Fscript%3E&osCsid=default&manufacturers_HTTP/1.0
Host: http://www.domain.com
RECEIVED: <div class="az_topBox_new"><div class="az_box_cont_new"><div class="az_box_cont_l_new"><div class="az_box_cont_r_new"><div class="az_box_cont_m_new"><div class="boxContents"><form name="quick_find" action="http://www.domain.com/advanced_search_result.php" method="get"><table border="0" align="center" cellpadding="0" cellspacing="0"><tr><td style="padding-right:10px; white-space:nowrap;">Search products:</td><td><input type="text" name="keywords" value="<script>alert('SAINTGXR')</script>" s
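The scan response above shows the root cause: the keywords parameter is printed straight back into the value="" attribute of the quick_find input without encoding, so the probe string arrives in the browser as live markup. The following PHP is an added example, not code from CRE Loaded or osCommerce; the two render functions and the check helper are constructed here to show the unsafe pattern next to the hardened one, and to give a way of confirming after patching that the marker only comes back entity-encoded.

```php
<?php
// Added example (not CRE Loaded / osCommerce code).
// Assumption: the search template prints the keywords parameter directly
// into the value="" attribute of the quick_find input, as the RECEIVED
// fragment from the scan shows.

// Vulnerable rendering: the raw request parameter is concatenated into HTML.
function render_search_box_unsafe($keywords) {
    return '<input type="text" name="keywords" value="' . $keywords . '">';
}

// Hardened rendering: encode for the HTML attribute context.
// ENT_QUOTES converts both " and ' to entities so the value cannot close
// the attribute; the explicit charset avoids the ISO-8859-1 default of PHP < 5.4.
function render_search_box_safe($keywords) {
    $encoded = htmlspecialchars($keywords, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="keywords" value="' . $encoded . '">';
}

// Regression check for a site owner: does the response body still contain
// the probe string verbatim (live markup), or only in encoded form?
function reflects_live_markup($html, $probe) {
    return strpos($html, $probe) !== false;
}

// Constructed input: the same marker string the SAINT check sent.
$probe    = "<script>alert('SAINTGXR')</script>";
$keywords = $probe;   // in the real page this would be $_GET['keywords']

$before = render_search_box_unsafe($keywords);
$after  = render_search_box_safe($keywords);

echo "unsafe template: " . (reflects_live_markup($before, $probe) ? "reflects live markup" : "clean") . "\n";
echo "safe template:   " . (reflects_live_markup($after, $probe) ? "reflects live markup" : "clean") . "\n";
echo $after . "\n";
```

The same encoding rule applies to every place a request parameter is echoed, not only the search box; anything written inside a tag attribute needs ENT_QUOTES, and anything written into a script block or a URL needs a context-specific encoding rather than htmlspecialchars alone.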
markw10 Posted June 26, 2010

I am having the issue "Cookie without HTTPOnly attribute can be accessed by scripts" also. I'm using CRE Loaded 6.4.1 and also have not found a solution to it. I'm interested in knowing if anyone can find a way to resolve this.
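For the HttpOnly finding (item 6 in the first post and the issue markw10 raises), the fix is to set the flag wherever the shop issues cookies. The PHP below is an added example, not CRE Loaded code and not part of either post; it shows the two places the flag is set in PHP 5.2 or later (the session cookie via ini settings, application cookies via the seventh argument of setcookie) and a small audit helper over Set-Cookie header lines. The osCsid cookie name comes from the scan request above; the other cookie name and header lines are constructed.

```php
<?php
// Added example (not CRE Loaded code).
// Assumption: the shop's session cookie comes from PHP's own session
// handling, and any other cookies are set with setcookie().

// 1. Session cookie: set before session_start(), or in php.ini as
//    session.cookie_httponly = 1 and session.cookie_secure = 1.
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);   // keep it off plain HTTP when the shop runs over HTTPS

// 2. Application cookies: setcookie() takes httponly as its 7th argument (PHP >= 5.2.0).
function set_app_cookie($name, $value, $expire, $path, $domain, $secure) {
    return setcookie($name, $value, $expire, $path, $domain, $secure, true);
}

// 3. Audit helper: given raw Set-Cookie header lines (as a scanner or a
//    browser's network panel records them), return the cookie names that
//    lack HttpOnly so each one can be fixed at its source.
function cookies_missing_httponly(array $set_cookie_lines) {
    $missing = array();
    foreach ($set_cookie_lines as $line) {
        $parts     = explode(';', $line);
        $nameValue = explode('=', trim($parts[0]), 2);
        $name      = $nameValue[0];
        $hasHttpOnly = false;
        foreach (array_slice($parts, 1) as $attr) {
            if (strcasecmp(trim($attr), 'HttpOnly') === 0) {
                $hasHttpOnly = true;
                break;
            }
        }
        if (!$hasHttpOnly) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed header lines standing in for what the scanner saw from the shop.
$headers = array(
    'osCsid=abc123; path=/; secure',
    'cart_pref=1; path=/; HttpOnly',
);
print_r(cookies_missing_httponly($headers));
```

For the constructed lines the helper returns only osCsid, which is the case the scanner is complaining about: the session cookie is marked secure but remains readable from script. HttpOnly does not stop the reflected XSS itself; it only denies a script access to document.cookie, so it belongs alongside the output encoding fix, not instead of it.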
Archived
This topic is now archived and is closed to further replies.