tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Millet" <joseph.mil...@gmail.com>
Subject Re: PHP Security Vulnerability???
Date Wed, 12 Sep 2007 23:21:05 GMT
you've must have got a phpinfo() page running somewhere ....
you can grep your www directory for that one ...

JJ

On 9/12/07, Arend P. van der Veen <apvanderveen@att.net> wrote:
>
> Wade Chandler wrote:
> > Does it give you any paths to this PHP application? I haven't seen
> anything like it from scanners
> > on my server.
> >
> > Wade
> >
> > --- "Arend P. van der Veen" <apvanderveen@att.net> wrote:
> >
> >> Hi,
> >>
> >> I recently setup a server using Tomcat 5.5 on FreeBSD 6.2.  I thought I
> >> had everything locked down.
> >>
> >> I run a nessus scan and found a strange Vulnerability.  It says that
> states:
> >>
> >> The remote web server contains a PHP application that is affected by
> >> multiple vulnerabilities.
> >>
> >> I am not using PHP.  Has anyone else seen this?
> >>
> >> Thanks,
> >> Arend
> >>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> Hi Wade,
>
> I have tomcat sitting on 127.0.0.1:8080 (http) and 127.0.0.1:8081
> (https) and use ipfw to forward from port 80 and 443 respectively. Could
> this part of my problem?  I am wondering if this is some kind of false
> positive.  Following is an excerpt from the Nessus Scan Report:
>
> ******************************************************************
> Synopsis :
>
> The remote web server contains a PHP application that is affected by
> multiple vulnerabilities.
>
> Description :
>
> The remote host is running phpSysInfo, a PHP application that parses
> the /proc entries on Linux/Unix systems and displays them in HTML.
>
> The installed version of phpSysInfo on the remote host has a design
> flaw in its globalization layer such that the script's variables can
> be overwritten independent of PHP's 'register_globals' setting. By
> exploiting this issue, an attacker may be able to read arbitrary files
> on the remote host (if PHP's 'magic_quotes_gpc' setting is off) and
> even execute arbitrary PHP code, both subject to the privileges of the
> web server user id.
>
> In addition, the application fails to sanitize user-supplied input
> before using it in dynamically-generated pages, which can be used to
> conduct cross-site scripting and HTTP response splitting attacks.
>
> See also :
>
> http://www.hardened-php.net/advisory_222005.81.html
>
> Solution :
>
> Upgrade to phpSysInfo 2.4.1 or later.
>
> Risk factor :
>
> Low / CVSS Base Score : 2.3
> (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
> CVE : CVE-2003-0536, CVE-2005-0870, CVE-2005-3347, CVE-2005-3348
> BID : 7286, 15396, 15414
> Nessus ID : 20215
> ***********************************************************************
>
> Thanks,
> Arens
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message