 Security Vulnerability Scan Results

Data0999
Starting Member

USA
46 Posts

Posted - February 09 2012 : 22:40:32
We have an older 6.5 version running that continues to fail the scans by a PCI compliance company due to a new issue that I cannot resolve or find real information on.

This concerns /ConsoleHelp/ and they say when entered into a URL, critical source code files may be viewed. Server admin folks say this...

"The version of the WebLogic web application installed on the remote host contains a flaw such that by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed"

Admin also says it may be a false positive. Figured we'd see if anybody else has had similar experiences.

thanks,
Dave Layton

support
Administrator

4679 Posts

Posted - February 12 2012 : 03:22:46
Hi Dave,

Some of these scanning companies are just quietly ridiculous.

I would say to scanners it is a false positive.

My favourite one is where the scanning company complain that they cannot test the server and need us to open it up and then complain that the server is vulnerable after running their tests.

My theory is that if it is locked down to the point they cannot run intrusion tests it seems to be fairly secure, but hey, what do I know.

Thank you.

Cam Flanigan
VP-ASP Cart Support


Data0999
Starting Member

USA
46 Posts

Posted - February 14 2012 : 01:21:18
A false positive (love that phrase) is where we all are leaning on this one. We've had very few issues with the software over the years and I don't think this is something never realized by anybody else or something new to be concerned about. There are two other re-directed domains included in these sets of scans (one passed and one failed) but go to the exact same site in question.

The ConsoleHelp piece was a new one and nobody can show us any evidence that it even exists.

And final scans continue. Thanks a bunch.

Dave Layton