tomcat-users mailing list archives

From "Arend P. van der Veen" <apvanderv...@att.net>
Subject Re: PHP Security Vulnerability???
Date Wed, 12 Sep 2007 11:33:11 GMT
Wade Chandler wrote:
> Does it give you any paths to this PHP application? I haven't seen anything like it from
> scanners on my server.
> 
> Wade
> 
> --- "Arend P. van der Veen" <apvanderveen@att.net> wrote:
> 
>> Hi,
>>
>> I recently set up a server using Tomcat 5.5 on FreeBSD 6.2.  I thought I 
>> had everything locked down.
>>
>> I ran a Nessus scan and found a strange vulnerability.  It states:
>>
>> The remote web server contains a PHP application that is affected by
>> multiple vulnerabilities.
>>
>> I am not using PHP.  Has anyone else seen this?
>>
>> Thanks,
>> Arend
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
Hi Wade,

I have Tomcat sitting on 127.0.0.1:8080 (http) and 127.0.0.1:8081 
(https) and use ipfw to forward from ports 80 and 443 respectively. Could 
this be part of my problem?  I am wondering if this is some kind of false 
positive.  Following is an excerpt from the Nessus Scan Report:

******************************************************************
Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The remote host is running phpSysInfo, a PHP application that parses
the /proc entries on Linux/Unix systems and displays them in HTML.

The installed version of phpSysInfo on the remote host has a design
flaw in its globalization layer such that the script's variables can
be overwritten independent of PHP's 'register_globals' setting. By
exploiting this issue, an attacker may be able to read arbitrary files
on the remote host (if PHP's 'magic_quotes_gpc' setting is off) and
even execute arbitrary PHP code, both subject to the privileges of the
web server user id.

In addition, the application fails to sanitize user-supplied input
before using it in dynamically-generated pages, which can be used to
conduct cross-site scripting and HTTP response splitting attacks.

See also :

http://www.hardened-php.net/advisory_222005.81.html

Solution :

Upgrade to phpSysInfo 2.4.1 or later.

Risk factor :

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
CVE : CVE-2003-0536, CVE-2005-0870, CVE-2005-3347, CVE-2005-3348
BID : 7286, 15396, 15414
Nessus ID : 20215
***********************************************************************

Thanks,
Arend
