The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCI Compliance and "help.php"

Discussion in 'Security' started by Myflag, Dec 5, 2013.

  1. Myflag

    Myflag Registered

    Joined:
    Dec 5, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Forum Members,

    I am currently in the process of certifying one of my servers to be PCI Compliant. I have resolved all of the reported security vulnerabilities except the following:

    Code:
    Security Warning found on port/service "www (2096/tcp)"
    
    																											
    	
        Status
    	
    Fail (This must be resolved for your device to be compliant).
        Plugin
    	
     "TrustPort WebFilter help.php hf Parameter Directory Traversal"
    
    
        Category
    	
     "CGI abuses "
    
    	
        Priority
    	
     "Medium Priority
    
        Synopsis
    
    	
       The remote web server hosts a PHP script that can be abused to disclose
    the contents of arbitrary files.
    
    	
        Description
    
    
        The TrustPort WebFilter administration console install listening on
    this port fails to sanitize user input to the 'hf' parameter of the
    'help.php' script before using it to return the contents of a file. 
    
    An unauthenticated, remote attacker can leverage this issue to view
    arbitrary files on the remote host.
    
    	
    
    
    	
    See also:
    	
    http://www.securityfocus.com/archive/1/527826/30/0/threaded
    
    	
    
    
        Risk factor
       MEDIUM / CVSS BASE SCORE :5.0 CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
    
    	
    
    
    	
    Plugin
    output
    	
        
    Nessus was able to obtain the contents of 'windows/win.ini' with the
    following request :
    
     https://mydomain.net:2096/help.php?hf=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4v
    Li4vLi4vLi4vLi4vd2luZG93cy93aW4uaW5p
    
    I am having the "help.php" problem with ports 2083, 2053, 8443, 2087, 2096.

    What would you recommend I do to prevent this vulnerability and pass the PCI Compliance scan?
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    This is a false positive. They are erroneously thinking that cPanel services are "TrustPort WebFilter"

    A statement from you that "TrustPort WebFilter" is not installed, and that port 2096 is a cPanel webmail service should be sufficient to appeal this as a false positive.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can show them that cPanel listens on these ports:

    Code:
    [~]# netstat -lnp | grep :2096
    tcp        0      0 0.0.0.0:2096                0.0.0.0:*                   LISTEN      6583/cpsrvd (SSL) - 
    Code:
    [~]# netstat -lnp | grep :208
    tcp        0      0 0.0.0.0:2082                0.0.0.0:*                   LISTEN      6583/cpsrvd (SSL) - 
    tcp        0      0 0.0.0.0:2083                0.0.0.0:*                   LISTEN      6583/cpsrvd (SSL) - 
    tcp        0      0 0.0.0.0:2086                0.0.0.0:*                   LISTEN      6583/cpsrvd (SSL) - 
    tcp        0      0 0.0.0.0:2087                0.0.0.0:*                   LISTEN      6583/cpsrvd (SSL) -
    I noticed you mentioned ports 2053 and 8443. What services do you have listening on these ports?

    Thank you.
     
Loading...

Share This Page