Displaying 6 results from an estimated 6 matches for "trustwave".
2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
...pache2::Status resources is explicitly allowed via <Location
/perl-status> httpd.conf configuration directive. Its occurrence can be
prevented by using the default configuration for the Apache HTTP web
server (not exporting /perl-status).
I haven't used <Location /perl-status> but Trustwave still finds me
vulnerable.
Evidence:
Request: GET /perl-
status/APR::SockAddr::port/"><script>alert('xss')</script> HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.mydomain.com
Content-Type: text/html
Content-Length: 0
Resp...
2015 Aug 12
2
Apache mod_perl cross site scripting vulnerability
On 2015-Aug-11 19:57, Ellen Shull wrote:
> On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote:
>
> > I haven't used <Location /perl-status> but Trustwave still finds me
> > vulnerable.
> >
> [...]
> > Response: HTTP/1.1 404 Not Found
>
> You clearly aren't serving perl-status; that's a red herring here.
Indeed, I don't have mod_proxy installed.
> [...]
> > Body: contains '"><script&g...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
On Tue, Aug 11, 2015 at 4:46 AM, Proxy One <proxy-one at mail.ru> wrote:
> I haven't used <Location /perl-status> but Trustwave still finds me
> vulnerable.
>
[...]
> Response: HTTP/1.1 404 Not Found
You clearly aren't serving perl-status; that's a red herring here.
[...]
> Body: contains '"><script>alert('xss')</script>'
That's your problem; they're flaggin...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
...is explicitly allowed via <Location
> /perl-status> httpd.conf configuration directive. Its occurrence can be
> prevented by using the default configuration for the Apache HTTP web
> server (not exporting /perl-status).
>
> I haven't used <Location /perl-status> but Trustwave still finds me
> vulnerable.
>
> Evidence:
> Request: GET /perl-
> status/APR::SockAddr::port/"><script>alert('xss')</script> HTTP/1.1
> Accept: */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> Host: www.mydomain.com
> Con...
2011 Feb 18
4
Recommendation for a Good Vulnerability Scanning Service?
Hi,
Can someone recommend a good vulnerability scanning service? I just
need the minimum for PCI compliance (it's a sort of credit card
processing certification).
I got a free scan from https://www.hackerguardian.com/ and their scan
reported a number of "Fail" results. I haven't checked them all yet
but most seem to be things for which fixes were backported looong ago
by The
2012 Dec 14
1
CVE-2006-4925 - Affected OpenSSH Versions
Comparison of http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz to http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz source codes, in conjunction with the changes shown at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h, appears to show that CVE-2006-4925 was fixed with the release of OpenSSH 4.5.
However, can a