[ https://issues.jboss.org/browse/AS7-4929?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on AS7-4929:
---------------------------------------
I would suggest, if you detect a possible vulnerability in your own site, that you should
refrain from publicly posting the URL to that site along with any report of the
vulnerability.
Do you have the details of the full request that is sent to trigger this? Trying the URL
in your original comment does not result in an error page with the word DEFACED
highlighted; however, any escaping may have been lost in the conversion to Jira - ideally
attach a text file containing the full request that is reported to reproduce this.
JBoss7 Fails ASV Scan Report Attestation of Scan Compliance
-----------------------------------------------------------
Key: AS7-4929
URL: https://issues.jboss.org/browse/AS7-4929
Project: Application Server 7
Issue Type: Quality Risk
Affects Versions: 7.0.2.Final
Environment: Centos
Reporter: Carlos Oliva
Labels: jboss
ASV Scan Report Attestation of Scan Compliance. Vulnerabilities Noted for each IP Address:

Port: https (tcp/443)
Request: GET /LETtoaCuluFoy4DePCwPLiT0HI1s36zHz9s712uSci4zxnjnmPAmXpdcnGMYmVwDfBGtXI6zXgIJ1YC8lqJ0TYlUP8hajSNTWZJH7RUk1K6JHLGgGnDaMfSojaxweHvjcnRe3KKTJ8miLU3U3XnS4KZ4bihRqT2rIkowzQJHSk9VbbQ26pdrzLoImGB4v9lqUFyewXsahnz55dwjEDBNREZEbS7b67a<font%20size=50>DEFACED<!--//--
Finding: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.
CVE: CVE-2002-1453
Severity: Medium 4.3 Fail

Port: http (tcp/80)
Request: GET /LNSAZoL2iuV3PmcrZl0W5YhMwILOBPbZwzEHVi5QAMdlOJcFL6Y0Ihv21bU7R3461Q80T3CFq9WqFvx3lfcgsMIZ4MDac8YVcxkBralskmulwlrf5JnvLuewKZ402AkBLBIK0CZY7ajOn7U9xzZ0LAgwAzrUaw9UViczNtTyvEKhm7WnyF5dfR084QH966s324XgjXktxVXXaqe7xtf3d5bTukJXDoo<font%20size=50>DEFACED<!--//--
Finding: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.
CVE: CVE-2002-1453
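What the scanner is asserting with these two requests is that the request path, which ends in the markup `<font%20size=50>DEFACED<!--//--`, is echoed into the server's error page without HTML escaping. The following added example (written for this thread; it is not code from the Jira issue, from the scanner, or from JBoss AS7) shows how a maintainer can check a captured response for exactly that: it decodes the path the way a server would, extracts the markup segment, and tests whether it appears verbatim in the body or in its escaped form. The probe path is a shortened version of the one in the report, and both response bodies are constructed for illustration; a real request/response pair, as the comment above asks for, is what would settle the finding.

```python
"""Added example, not part of the Jira issue or of JBoss AS7.

Checks offline whether an HTTP error page reflects the request path without
HTML escaping, which is the condition the ASV scan reports as 'HTML injection'.
The probe path is shortened from the report; the response bodies are constructed.
"""
import html
from urllib.parse import unquote

# Shortened form of the probe path from the scan report (constructed prefix):
# a path that presumably does not exist, so the server answers with its error page.
SCAN_PATH = "/LETtoaCuluFoy4DePCwPLiT0HI1s36zHz9s712uSci<font%20size=50>DEFACED<!--//--"


def decoded_path(path: str) -> str:
    """Return the path as the server sees it after URL decoding (%20 -> space)."""
    return unquote(path)


def injected_markup(path: str) -> str:
    """Return the markup part of the path: everything from the first '<' onward.

    Checking only this segment (rather than the whole path) avoids a false
    negative when the server truncates or normalises the long random prefix.
    Returns '' when the path carries no markup at all.
    """
    decoded = decoded_path(path)
    start = decoded.find("<")
    return decoded[start:] if start >= 0 else ""


def reflects_unescaped(path: str, body: str) -> bool:
    """True if the injected markup appears verbatim in the response body.

    A page that escapes the path contains '&lt;font size=50&gt;' instead, which
    the browser renders as text, so the scanner finding would not apply.
    """
    markup = injected_markup(path)
    return bool(markup) and markup in body


def escaped_error_page(path: str) -> str:
    """Hardened 404 body: the decoded path is HTML-escaped before being echoed."""
    return "<html><body>404 Not Found: " + html.escape(decoded_path(path)) + "</body></html>"


def naive_error_page(path: str) -> str:
    """Constructed vulnerable 404 body that echoes the decoded path verbatim."""
    return "<html><body>404 Not Found: " + decoded_path(path) + "</body></html>"


if __name__ == "__main__":
    for name, body in (("naive", naive_error_page(SCAN_PATH)),
                       ("escaped", escaped_error_page(SCAN_PATH))):
        verdict = "reflects unescaped markup" if reflects_unescaped(SCAN_PATH, body) else "safe"
        print(f"{name:8s}: {verdict}")
```

To apply this to a real capture, save the raw response body the scanner received and pass it with the exact request path to `reflects_unescaped`; if the markup only ever appears in its `&lt;...&gt;` form, the finding is a scanner signature match rather than a reflection the browser would render.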