Splunk Dev

PCI CGI vulnerability

wbcattell
Explorer

We're getting PCI security alerts on the Cherry web engine. Is there some method of resolving this issue - i.e. install a later version of the web engine?

Thanks,

Bill

Here's the alert:

Server IP = X.X.X.X

THREAT:When the service made an HTTP request for a CGI file that was found to
exist on the Web server host, the Web server returned an HTTP redirection page
containing unsanitized user-supplied input to at least one of the CGI file's
parameters. Thus the host is vulnerable to cross-site scripting attacks.

A list of CGI vulnerable files can be found in the Result section below.

IMPACT:By exploiting this vulnerability, malicious scripts could be executed in
a client browser which processes the content of an HTTP redirection page
returned by the Web server.

SOLUTION:Contact the vendor/author of the CGI file(s) for a solution to this
issue.

RESULTS:GET
/en-US/search?client=">&site=">&output=">&q=">&proxystylesheet=">
HTTP/1.1
Host: X.X.X.X:8000

HTTP/1.1 303 See Other
Date: Wed, 04 Jul 2012 19:12:56 GMT
Content-Length: 618
Content-Type: text/html;charset=utf-8
Location:
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet=">
Server: CherryPy/3.1.2
Set-Cookie: session_id_8000=b35a7fbfe22ca405f9db492b63aa1544f6aa0846;
expires=Thu, 05 Jul 2012 19:12:56 GMT; httponly; Path=/

This resource can be found at
href='http://X.X.X.X:8000/en-US/search/?client=">&site=">
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet="></a

Tags (2)
0 Karma

dart
Splunk Employee
Splunk Employee

I tried hitting that URL, and all I got back in my browser was a search page with this:
">

Set as the search.

I don't think there is an exploitable vulnerability here, but I will file this with the Splunk Product Security Vulnerabilities

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Request for Professional Development: Attending .conf26

Winning Over the Boss: Your Pass to .conf26 conf26 is going to be here before you know it. If don't already ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...