
Security Concerns in 4.0

During a security scan of default installations of Sippy, we have found some security concerns:


+ mod_wsgi/2.8 appears to be outdated (current is at least 3.3)

+ OpenSSL/0.9.8y appears to be outdated (current is at least 1.0.0d). OpenSSL 0.9.8r is also current.

+ mod_ssl/2.2.25 appears to be outdated (current is at least 2.8.31) (may depend on server version)

+ mod_ssl/2.2.25 OpenSSL/0.9.8y DAV/2 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756.


+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).  http://www.cert.org/advisories/CA-2000-02.html.

+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.

+ OSVDB-4598: /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.

+ OSVDB-2946: /forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.

Hello Ameed, thank you for posting!


Can you confirm to us by email the IP address of the system you audited? After we verify some items, I will post a complete follow-up to this forum thread.


Thanks!

-Jev 

Hi Jev,

How did you go with the audit? We're looking at moving to Sippy 4.0.

Thanks,

Ash

 

I do not want to publish the IP in public. You can contact me for more details over Skype or at my personal e-mail.

Hello Ameed, Ashleigh,


We carefully validated the results posted. OSVDB-27071, CA-2000-02, OSVDB-4598 and OSVDB-2946 all appear to be false positives, as our product does not ship or run any of the software packages listed in those vulnerability reports.


The version warnings for ssl/wsgi are benign. We track the latest security patch releases and countermeasures for these packages, and we believe we are not vulnerable with respect to these warnings.


Thank you for posting, and sorry for taking so long to respond publicly. Do contact us at [email protected] if you have any further questions/concerns!


-Jev
