LinuxQuestions.org


call_krushna 03-22-2013 02:22 AM

Justice Guestbook 1.3 Multiple Vulnerabilities
 
Hi all,

We found a "Justice Guestbook 1.3 Multiple Vulnerabilities" threat on our server. Below are the details.

___________________________________________________-
Synopsis
The remote web server is hosting a PHP script that is affected by multiple vulnerabilities.

Description
The remote host is running Justice Guestbook.

This set of CGI has two vulnerabilities :

- It is vulnerable to cross-site scripting attacks (in jgb.php3).
- If the user requests the file cfooter.php3, he will obtain the physical path of the remote CGI.
An attacker may use these flaws to steal the cookies of your users or to gain better knowledge about this host.

See Also
http://securityreason.com/securityalert/3347

Solution
There is no known solution at this time.

__________________________________________________


I did not find a solution on the net. We are not using PHP.

OS :- Ubuntu 12.04LTS

application :- Liferayportal 6.0.x


How do we fix this issue? Any help is highly appreciated.

unSpawn 03-22-2013 02:46 AM

Quote:

Originally Posted by call_krushna (Post 4916388)
We found Justice Guestbook 1.3 Multiple Vulnerabilities threat to our server. (..) We are not using php. (..) Liferayportal 6.0.x
How to fix this issue.

Liferay uses Java ergo the scanner you used is way off. Which one is it?

call_krushna 03-22-2013 02:57 AM

Quote:

Originally Posted by unSpawn (Post 4916395)
Liferay uses Java ergo the scanner you used is way off. Which one is it?

The vendor is using Nessus to generate the report.

Is there any workaround?

unSpawn 03-23-2013 02:56 AM

Quote:

Originally Posted by call_krushna (Post 4916401)
Is there any workaround?

Yes, explain to the vendor that you don't run this product. That should make them realize that particular test (#11501) is a non-issue in your case.

