VP-ASP :: Shopping Cart Software

VP-Cart StoreFront Customer Forum

 Security Vulnerability Scan Results

Posted - February 09 2012 :  22:40:32
We have an older 6.5 version running that continues to fail the scans by a PCI compliance company due to a new issue that I cannot resolve or find real information on.

This concerns /ConsoleHelp/ and they say when entered into a URL, critical source code files may be viewed. Server admin folks say this...

"The version of the WebLogic web application installed on the remote host contains a flaw such that by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed"

Admin also says it may be a false positive. Figured we'd see if anybody else has had similar experiences.

Dave Layton


Posted - February 12 2012 :  03:22:46
Hi Dave,

Some of these scanning companies are just quietly ridiculous.

I would say to scanners it is a false positive.

My favourite one is where the scanning company complain that they cannot test the server and need us to open it up and then complain that the server is vulnerable after running their tests.

My theory is that if it is locked down to the point they cannot run intrusion tests it seems to be fairly secure, but hey, what do I know.

Thank you.

Cam Flanigan
VP-ASP Cart Support


Posted - February 14 2012 :  01:21:18
A false positive (love that phrase) is where we all are leaning on this one. We've had very few issues with the software over the years and I don't think this is something never realized by anybody else or something new to be concerned about. There are two other re-directed domains included in these sets of scans (one passed and one failed) but go to the exact same site in question.

The ConsoleHelp piece was a new one and nobody can show us any evidence that it even exists.

And final scans continue. Thanks a bunch.

Dave Layton
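
Added example, not part of the forum posts or of VP-ASP's code: one way to turn "it may be a false positive" into evidence for the scan vendor is to classify the response the site gives to a URL containing /ConsoleHelp/. The sample responses, the banner strings and the `triage` helper are constructed for illustration, and the ASP markers assume the cart runs as classic ASP.

```python
import re

# Patterns for server-side code that reached the client unrendered.
# The ASP include pattern assumes a classic ASP site; the <% ... %> block
# also covers JSP, which is the WebLogic case named in the scanner text.
SOURCE_MARKERS = [
    re.compile(r"<%.*?%>", re.S),                                 # script block
    re.compile(r"<!--\s*#include\s+(?:file|virtual)\s*=", re.I),  # include directive
]

def triage(status, headers, body):
    """Classify one response to a request whose URL contains /ConsoleHelp/."""
    # Header names are case-insensitive; a missing banner becomes "".
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    hits = [m.pattern for m in SOURCE_MARKERS if m.search(body)]
    if status == 200 and hits:
        # Source in the body is a real exposure whatever product served it.
        return "source-exposed", f"unrendered code matched {hits}"
    if "weblogic" in server.lower():
        # The product matches the finding, so version and patch level need checking.
        return "needs-review", f"banner {server!r} matches the product in the finding"
    # A banner can be removed or altered, so this is supporting evidence only.
    return "likely-false-positive", f"status {status}, banner {server!r}, no source markers"

# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "iis_404": (404, {"Server": "Microsoft-IIS/6.0"},
                "<html><body>The page cannot be found</body></html>"),
    "leak_200": (200, {"Server": "Microsoft-IIS/6.0"},
                 '<!-- #include file="include.asp" -->\n<% Response.Write(x) %>'),
    "weblogic_404": (404, {"Server": "WebLogic Server"},
                     "<html><body>Error 404--Not Found</body></html>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, *triage(*resp))
```

The verdict and reason string for each affected hostname, together with the raw response, is the kind of record a scan vendor can review in a false-positive dispute.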