Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

PCI CGI vulnerability

wbcattell
Explorer
‎10-30-2012 09:43 AM

We're getting PCI security alerts on the Cherry web engine. Is there some method of resolving this issue - i.e. install a later version of the web engine?

Thanks,

Bill

Here's the alert:

Server IP = X.X.X.X

THREAT:When the service made an HTTP request for a CGI file that was found to
exist on the Web server host, the Web server returned an HTTP redirection page
containing unsanitized user-supplied input to at least one of the CGI file's
parameters. Thus the host is vulnerable to cross-site scripting attacks.

A list of CGI vulnerable files can be found in the Result section below.

IMPACT:By exploiting this vulnerability, malicious scripts could be executed in
a client browser which processes the content of an HTTP redirection page
returned by the Web server.

SOLUTION:Contact the vendor/author of the CGI file(s) for a solution to this
issue.

RESULTS:GET
/en-US/search?client=">&site=">&output=">&q=">&proxystylesheet=">
HTTP/1.1
Host: X.X.X.X:8000

HTTP/1.1 303 See Other
Date: Wed, 04 Jul 2012 19:12:56 GMT
Content-Length: 618
Content-Type: text/html;charset=utf-8
Location:
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet=">
Server: CherryPy/3.1.2
Set-Cookie: session_id_8000=b35a7fbfe22ca405f9db492b63aa1544f6aa0846;
expires=Thu, 05 Jul 2012 19:12:56 GMT; httponly; Path=/

This resource can be found at
href='http://X.X.X.X:8000/en-US/search/?client=">&site=">http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet="></a

Tags (2)
0 Karma
Reply

dart
Splunk Employee
Splunk Employee
‎12-17-2013 01:35 PM

I tried hitting that URL, and all I got back in my browser was a search page with this:
">

Set as the search.

I don't think there is an exploitable vulnerability here, but I will file this with the Splunk Product Security Vulnerabilities

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...