search for: trustwav

Displaying 6 results from an estimated 6 matches for "trustwav".

2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
...pache2::Status resources is explicitly allowed via <Location /perl-status> httpd.conf configuration directive. Its occurrence can be prevented by using the default configuration for the Apache HTTP web server (not exporting /perl-status). I haven't used <Location /perl-status> but Trustwave still finds me vulnerable. Evidence: Request: GET /perl- status/APR::SockAddr::port/"><script>alert('xss')</script> HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: www.mydomain.com Content-Type: text/html Content-Length: 0 Res...
2015 Aug 12
2
Apache mod_perl cross site scripting vulnerability
On 2015-Aug-11 19:57, Ellen Shull wrote: > On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote: > > > I haven't used <Location /perl-status> but Trustwave still finds me > > vulnerable. > > > [...] > > Response: HTTP/1.1 404 Not Found > > You clearly aren't serving perl-status; that's a red herring here. Indeed, I don't have mod_proxy installed. > [...] > > Body: contains '"><script&...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote: > I haven't used <Location /perl-status> but Trustwave still finds me > vulnerable. > [...] > Response: HTTP/1.1 404 Not Found You clearly aren't serving perl-status; that's a red herring here. [...] > Body: contains '"><script>alert('xss')</script>' That's your problem; they're flaggi...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
...is explicitly allowed via <Location > /perl-status> httpd.conf configuration directive. Its occurrence can be > prevented by using the default configuration for the Apache HTTP web > server (not exporting /perl-status). > > I haven't used <Location /perl-status> but Trustwave still finds me > vulnerable. > > Evidence: > Request: GET /perl- > status/APR::SockAddr::port/"><script>alert('xss')</script> HTTP/1.1 > Accept: */* > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) > Host: www.mydomain.com > Co...
2011 Feb 18
4
Recommendation for a Good Vulnerability Scanning Service?
Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of "Fail" results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The
2012 Dec 14
1
CVE-2006-4925 - Affected OpenSSH Versions
Comparison of http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz to http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz source codes, in conjunction with the changes shown at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h, appears to show that CVE-2006-4925 was fixed with the release of OpenSSH 4.5. However, can a