We're getting PCI security alerts on the Cherry web engine. Is there some method of resolving this issue - i.e. install a later version of the web engine?
Thanks,
Bill
Here's the alert:
Server IP = X.X.X.X
THREAT:When the service made an HTTP request for a CGI file that was found to
exist on the Web server host, the Web server returned an HTTP redirection page
containing unsanitized user-supplied input to at least one of the CGI file's
parameters. Thus the host is vulnerable to cross-site scripting attacks.
A list of CGI vulnerable files can be found in the Result section below.
IMPACT:By exploiting this vulnerability, malicious scripts could be executed in
a client browser which processes the content of an HTTP redirection page
returned by the Web server.
SOLUTION:Contact the vendor/author of the CGI file(s) for a solution to this
issue.
RESULTS:GET
/en-US/search?client=">&site=">&output=">&q=">&proxystylesheet=">
HTTP/1.1
Host: X.X.X.X:8000
HTTP/1.1 303 See Other
Date: Wed, 04 Jul 2012 19:12:56 GMT
Content-Length: 618
Content-Type: text/html;charset=utf-8
Location:
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet=">
Server: CherryPy/3.1.2
Set-Cookie: session_id_8000=b35a7fbfe22ca405f9db492b63aa1544f6aa0846;
expires=Thu, 05 Jul 2012 19:12:56 GMT; httponly; Path=/
This resource can be found at
href='http://X.X.X.X:8000/en-US/search/?client=">&site=">http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet="></a
I tried hitting that URL, and all I got back in my browser was a search page with this:
">
Set as the search.
I don't think there is an exploitable vulnerability here, but I will file this with the Splunk Product Security Vulnerabilities