Old 03-22-2013, 03:22 AM   #1
call_krushna
Member
 
Registered: Aug 2007
Location: India
Distribution: Ubuntu
Posts: 168

Rep: Reputation: 1
Justice Guestbook 1.3 Multiple Vulnerabilities


Hi all,

We found a "Justice Guestbook 1.3 Multiple Vulnerabilities" threat on our server. Below are the details.

__________________________________________________
Synopsis
The remote web server is hosting a PHP script that is affected by multiple vulnerabilities.

Description
The remote host is running Justice Guestbook.

This set of CGI has two vulnerabilities:

- It is vulnerable to cross-site scripting attacks (in jgb.php3).
- If the user requests the file cfooter.php3, he will obtain the physical path of the remote CGI.

An attacker may use these flaws to steal the cookies of your users or to gain better knowledge about this host.

See Also
http://securityreason.com/securityalert/3347

Solution
There is no known solution at this time.

__________________________________________________


I did not find a solution on the net. We are not using PHP.

OS: Ubuntu 12.04 LTS

Application: Liferay Portal 6.0.x


How do we fix this issue? Any help is highly appreciated.
 
Old 03-22-2013, 03:46 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952
Quote:
Originally Posted by call_krushna
We found Justice Guestbook 1.3 Multiple Vulnerabilities threat to our server. (..) We are not using PHP. (..) Liferay Portal 6.0.x
How to fix this issue?
Liferay uses Java ergo the scanner you used is way off. Which one is it?
 
Old 03-22-2013, 03:57 AM   #3
call_krushna
Member
 
Registered: Aug 2007
Location: India
Distribution: Ubuntu
Posts: 168

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by unSpawn
Liferay uses Java ergo the scanner you used is way off. Which one is it?
The vendor is using Nessus to generate the report.

Is there any workaround?
 
Old 03-23-2013, 03:56 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952
Quote:
Originally Posted by call_krushna
Is there any workaround?
Yes, explain to the vendor that you don't run this product. That should make them realize that particular test (#11501) is a non-issue in your case.
 
  

