Building for the Splunk Platform

PCI CGI vulnerability

wbcattell
Explorer

We're getting PCI security alerts on the Cherry web engine. Is there some method of resolving this issue - i.e. install a later version of the web engine?

Thanks,

Bill

Here's the alert:

Server IP = X.X.X.X

THREAT:When the service made an HTTP request for a CGI file that was found to
exist on the Web server host, the Web server returned an HTTP redirection page
containing unsanitized user-supplied input to at least one of the CGI file's
parameters. Thus the host is vulnerable to cross-site scripting attacks.

A list of CGI vulnerable files can be found in the Result section below.

IMPACT:By exploiting this vulnerability, malicious scripts could be executed in
a client browser which processes the content of an HTTP redirection page
returned by the Web server.

SOLUTION:Contact the vendor/author of the CGI file(s) for a solution to this
issue.

RESULTS:GET
/en-US/search?client=">&site=">&output=">&q=">&proxystylesheet=">
HTTP/1.1
Host: X.X.X.X:8000

HTTP/1.1 303 See Other
Date: Wed, 04 Jul 2012 19:12:56 GMT
Content-Length: 618
Content-Type: text/html;charset=utf-8
Location:
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet=">
Server: CherryPy/3.1.2
Set-Cookie: session_id_8000=b35a7fbfe22ca405f9db492b63aa1544f6aa0846;
expires=Thu, 05 Jul 2012 19:12:56 GMT; httponly; Path=/

This resource can be found at
href='http://X.X.X.X:8000/en-US/search/?client=">&site=">
http://X.X.X.X:8000/en-US/search/?client=">&site=">&output=">&q=">&proxystylesheet="></a

Tags (2)
0 Karma

dart
Splunk Employee
Splunk Employee

I tried hitting that URL, and all I got back in my browser was a search page with this:
">

Set as the search.

I don't think there is an exploitable vulnerability here, but I will file this with the Splunk Product Security Vulnerabilities

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...