|
| 1 | +{ |
| 2 | + "@version": "2.11.1", |
| 3 | + "@generated": "Wed, 10 Aug 2022 10:13:02", |
| 4 | + "site":[ |
| 5 | + { |
| 6 | + "@name": "http://rhos-fedora-devel.usersys.redhat.com:9000", |
| 7 | + "@host": "rhos-fedora-devel.usersys.redhat.com", |
| 8 | + "@port": "9000", |
| 9 | + "@ssl": "false", |
| 10 | + "alerts": [ |
| 11 | + { |
| 12 | + "pluginid": "40018", |
| 13 | + "alertRef": "40018", |
| 14 | + "alert": "SQL Injection - SQLite", |
| 15 | + "name": "SQL Injection - SQLite", |
| 16 | + "riskcode": "3", |
| 17 | + "confidence": "2", |
| 18 | + "riskdesc": "High (Medium)", |
| 19 | + "desc": "<p>SQL injection may be possible.</p>", |
| 20 | + "instances":[ |
| 21 | + { |
| 22 | + "uri": "http://rhos-fedora-devel.usersys.redhat.com:9000/api/v1/activities/", |
| 23 | + "method": "POST", |
| 24 | + "param": "month", |
| 25 | + "attack": ";", |
| 26 | + "evidence": "near \";\": syntax error" |
| 27 | + } |
| 28 | + ], |
| 29 | + "count": "1", |
| 30 | + "solution": "<p>Do not trust client side input, even if there is client side validation in place. </p><p>In general, type check all data on the server side.</p><p>If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'</p><p>If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.</p><p>If database Stored Procedures can be used, use them.</p><p>Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!</p><p>Do not create dynamic SQL queries using simple string concatenation.</p><p>Escape all data received from the client.</p><p>Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.</p><p>Apply the principle of least privilege by using the least privileged database user possible.</p><p>In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.</p><p>Grant the minimum database access that is necessary for the application.</p>", |
| 31 | + "otherinfo": "<p>RDBMS [SQLite] likely, given error message regular expression [near \".+\": syntax error] matched by the HTML results.</p><p>The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised</p>", |
| 32 | + "reference": "<p>https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html</p>", |
| 33 | + "cweid": "89", |
| 34 | + "wascid": "19", |
| 35 | + "sourceid": "63" |
| 36 | + }, |
| 37 | + { |
| 38 | + "pluginid": "40009", |
| 39 | + "alertRef": "40009", |
| 40 | + "alert": "Server Side Include", |
| 41 | + "name": "Server Side Include", |
| 42 | + "riskcode": "3", |
| 43 | + "confidence": "2", |
| 44 | + "riskdesc": "High (Medium)", |
| 45 | + "desc": "<p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p>", |
| 46 | + "instances":[ |
| 47 | + { |
| 48 | + "uri": "http://rhos-fedora-devel.usersys.redhat.com:9000/api/v1/activities/", |
| 49 | + "method": "POST", |
| 50 | + "param": "month", |
| 51 | + "attack": "<!--#EXEC cmd=\"ls /\"-->", |
| 52 | + "evidence": "root'\nHOSTNAME = 'dfd2f63e3bbf'\nHTTP_ACCEPT = '*/*'\nHTTP_CACHE_CONTROL = 'no-cache'\nHTTP_HOST = 'rhos-fedora-devel.usersys.redhat.com:9000'\nHTTP_PRAGMA = 'no-cache'\nHTTP_USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0'\nPATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr" |
| 53 | + } |
| 54 | + ], |
| 55 | + "count": "1", |
| 56 | + "solution": "<p>Do not trust client side input and enforce a tight check in the server side. Disable server side includes.</p><p></p>", |
| 57 | + "otherinfo": "", |
| 58 | + "reference": "<p>http://www.carleton.ca/~dmcfet/html/ssi.html</p>", |
| 59 | + "cweid": "97", |
| 60 | + "wascid": "31", |
| 61 | + "sourceid": "38" |
| 62 | + }, |
| 63 | + { |
| 64 | + "pluginid": "10021", |
| 65 | + "alertRef": "10021", |
| 66 | + "alert": "X-Content-Type-Options Header Missing", |
| 67 | + "name": "X-Content-Type-Options Header Missing", |
| 68 | + "riskcode": "1", |
| 69 | + "confidence": "2", |
| 70 | + "riskdesc": "Low (Medium)", |
| 71 | + "desc": "<p>The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.</p>", |
| 72 | + "instances":[ |
| 73 | + { |
| 74 | + "uri": "http://rhos-fedora-devel.usersys.redhat.com:9000/api/v1/activities/", |
| 75 | + "method": "POST", |
| 76 | + "param": "X-Content-Type-Options", |
| 77 | + "attack": "", |
| 78 | + "evidence": "" |
| 79 | + } |
| 80 | + ], |
| 81 | + "count": "1", |
| 82 | + "solution": "<p>Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.</p><p>If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.</p>", |
| 83 | + "otherinfo": "<p>This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.</p><p>At \"High\" threshold this scan rule will not alert on client or server error responses.</p>", |
| 84 | + "reference": "<p>http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx</p><p>https://owasp.org/www-community/Security_Headers</p>", |
| 85 | + "cweid": "693", |
| 86 | + "wascid": "15", |
| 87 | + "sourceid": "3" |
| 88 | + } |
| 89 | + ] |
| 90 | + }, |
| 91 | + { |
| 92 | + "@name": "http://rhos-fedora-devel.usersys.redhat.com:9001", |
| 93 | + "@host": "rhos-fedora-devel.usersys.redhat.com", |
| 94 | + "@port": "9001", |
| 95 | + "@ssl": "false", |
| 96 | + "alerts": [ |
| 97 | + ] |
| 98 | + } |
| 99 | + ] |
| 100 | +} |
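Review bot: The "evidence" value at line 52 of the added file commits a dump of the scanned service's environment and request headers (HOSTNAME = 'dfd2f63e3bbf', PATH, HTTP_HOST), and the report as a whole publishes the internal host name rhos-fedora-devel.usersys.redhat.com alongside two open High findings on the `month` parameter of POST /api/v1/activities/. I would keep generated ZAP output as a CI artifact rather than in the tree, or at least redact the evidence and host fields before committing; the "@generated" timestamp at line 3 will also make this file differ on every rescan. On triage: the evidence recorded for plugin 40009 is an environment listing, not the output of `ls /`, so it looks like a verbose error page matched the rule rather than an include being executed, and this should be confirmed before the alert is accepted as a baseline. The same verbose error handling is what exposes the SQLite message `near ";": syntax error` for plugin 40018, so the `month` value should be type-checked and bound as a query parameter on the server side, and detailed error output should be disabled on the scanned instance.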