PCI Compliance and "help.php"
Hello Forum Members,
I am currently in the process of certifying one of my servers to be PCI Compliant. I have resolved all of the reported security vulnerabilities except the following:
I am having the "help.php" problem with ports 2083, 2053, 8443, 2087, 2096. What would you recommend I do to prevent this vulnerability and pass the PCI Compliance scan?
Security Warning found on port/service "www (2096/tcp)"
Status: Fail (This must be resolved for your device to be compliant).
Plugin: "TrustPort WebFilter help.php hf Parameter Directory Traversal"
Category: "CGI abuses"
Priority: "Medium Priority"
Synopsis: The remote web server hosts a PHP script that can be abused to disclose the contents of arbitrary files.
Description: The TrustPort WebFilter administration console install listening on this port fails to sanitize user input to the 'hf' parameter of the 'help.php' script before using it to return the contents of a file. An unauthenticated, remote attacker can leverage this issue to view arbitrary files on the remote host.
See also: http://www.securityfocus.com/archive/1/527826/30/0/threaded
Risk factor: MEDIUM / CVSS BASE SCORE: 5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Plugin output: Nessus was able to obtain the contents of 'windows/win.ini' with the following request:
https://mydomain.net:2096/help.php?hf=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vd2luZG93cy93aW4uaW5p
This is a false positive. They are erroneously thinking that cPanel services are "TrustPort WebFilter". A statement from you that "TrustPort WebFilter" is not installed, and that port 2096 is a cPanel webmail service, should be sufficient to appeal this as a false positive.
Hello :) You can show them that cPanel listens on these ports:

[~]# netstat -lnp | grep :2096
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -

[~]# netstat -lnp | grep :208
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -

I noticed you mentioned ports 2053 and 8443. What services do you have listening on these ports? Thank you.
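As an added example (not code from the thread or from cPanel), the following POSIX shell script turns the netstat check suggested above into evidence for the false-positive appeal: for each flagged port it records which program owns the listener and what HTTP status the service returns for a plain request to /help.php. The netstat line format is the one shown in the thread; the sample lines, the host name and the port list are constructed placeholders.

```shell
#!/bin/sh
# Added example: collect evidence that the flagged ports belong to cpsrvd.
# Assumes "netstat -lnp" output in the format quoted in the thread.

# Program name (without PID) from one "netstat -lnp" line; field 7 is "PID/Program".
listener_process() {
    printf '%s\n' "$1" | awk '{ split($7, p, "/"); print p[2] }'
}

# Listening port from one netstat line: field 4, text after the last colon
# (works for both "0.0.0.0:2096" and the IPv6 form ":::2096").
listener_port() {
    printf '%s\n' "$1" | awk '{ n = split($4, a, ":"); print a[n] }'
}

# Read full "netstat -lnp" output on stdin; print the program owning the given
# TCP port, or "none" if nothing listens there.
owner_of_port() {
    port="$1"; found=none
    while IFS= read -r line; do
        case "$line" in tcp*LISTEN*) ;; *) continue ;; esac
        if [ "$(listener_port "$line")" = "$port" ]; then
            found=$(listener_process "$line")
        fi
    done
    printf '%s\n' "$found"
}

# Live evidence report (needs netstat and curl): port, owning program, and the
# HTTP status for GET /help.php without any parameter. A 404 from cpsrvd supports
# the appeal that the TrustPort script is not present on that port.
report() {
    host="$1"; shift
    snapshot=$(netstat -lnp 2>/dev/null)
    for port in "$@"; do
        owner=$(printf '%s\n' "$snapshot" | owner_of_port "$port")
        status=$(curl -sk -o /dev/null -w '%{http_code}' "https://$host:$port/help.php" || echo err)
        printf '%s\t%s\t%s\n' "$port" "$owner" "$status"
    done
}

# Constructed sample of netstat output, used for the offline demonstration below.
SAMPLE='tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 6583/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd'

for p in 2083 2096 8443; do
    printf '%s\t%s\n' "$p" "$(printf '%s\n' "$SAMPLE" | owner_of_port "$p")"
done
# For a real run: report mydomain.net 2083 2053 8443 2087 2096
```

The offline loop prints cpsrvd for 2083 and 2096 and none for 8443, which is the kind of per-port ownership table the scan vendor can compare against the plugin's claim.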