PCI Compliance Issue

1 posts, 0 answered
  1. Dan
    2 posts
    Registered: 30 Aug 2010
    29 Jun 2012
    One of our clients is complaining of a PCI compliance issue on their Sitefinity 3.7 site.

    Here is the info that the scan is giving us:

    Vulnerabilities (3)

    3 Syntax Error Occurred port 80/tcp

    QID: 150022 CVSS Base: 7.5 PCI Severity:

    Category: Web Application CVSS Temporal: 6.8

    CVE ID: -

    Vendor Reference: -

    Bugtraq ID: -

    Last Update: 01/16/2009

    THREAT:

    A test payload generated a syntax error within the Web application. This often points to a problem with input validation routines or lack of filters on user-supplied content.

    IMPACT:

    A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the Web application.

    SOLUTION:

    The Web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content received from the client (i.e. Web browser) should be validated to an expected format or checked for malicious content.

    RESULT:

    url: http://www.clientdomain.com/?aspxerrorpath=%22%3E%3Cqss%3E

    variants: 50

    matched: rors> tag should then have its "mode" attribute set to "Off".

    <table width=100% bgcolor="#ffffcc">

    <tr>

    <td>

    <code>

    <!-- Web.Config Configuration File -->

    <configuration>

    <system.web>

    <customErrors mode="Off"/>

    </system.web>

    </configuration> </code>

    </td>

    </tr>

    </


    Any suggestions on how to resolve this?
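The RESULT text in the scan above quotes a `<customErrors>` fragment and a URL carrying an `aspxerrorpath` parameter. As an added example (not part of the original post and not Sitefinity code), this check audits the `<customErrors>` element of a web.config and reports which error-page behaviour remote clients will see. The sample configs, the `~/error.htm` path, the function name and the finding codes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration; none is the client's real web.config.
SAMPLES = {
    # The fragment quoted in the scan's RESULT text.
    "off": '<configuration><system.web><customErrors mode="Off"/>'
           '</system.web></configuration>',
    # No <customErrors> element: ASP.NET falls back to mode="RemoteOnly".
    "absent": "<configuration><system.web/></configuration>",
    # Hypothetical error page path; redirectMode left at its default.
    "redirect": '<configuration><system.web><customErrors mode="On" '
                'defaultRedirect="~/error.htm"/></system.web></configuration>',
    # redirectMode is available from .NET 3.5 SP1 onward.
    "rewrite": '<configuration><system.web><customErrors mode="On" '
               'defaultRedirect="~/error.htm" redirectMode="ResponseRewrite"/>'
               '</system.web></configuration>',
}


def audit_custom_errors(web_config_xml):
    """Return (code, explanation) findings for the <customErrors> element."""
    root = ET.fromstring(web_config_xml)
    node = next(root.iter("customErrors"), None)
    attrs = node.attrib if node is not None else {}
    mode = attrs.get("mode", "RemoteOnly")
    redirect = attrs.get("defaultRedirect")
    redirect_mode = attrs.get("redirectMode", "ResponseRedirect")
    findings = []
    if mode == "Off":
        findings.append(("detailed-errors",
                         "exception details are returned to remote clients"))
    elif not redirect:
        findings.append(("generic-error-page",
                         "remote clients get ASP.NET's built-in Runtime Error "
                         "page, which contains the customErrors instructions"))
    elif redirect_mode == "ResponseRedirect":
        findings.append(("aspxerrorpath-appended",
                         "errors redirect to defaultRedirect with "
                         "?aspxerrorpath=<failed path> in the URL"))
    return findings


if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        codes = [code for code, _ in audit_custom_errors(xml)] or ["ok"]
        print(f"{name}: {', '.join(codes)}")
```

An empty result means errors are rewritten to the configured page without the `aspxerrorpath` query string; it says nothing about input validation elsewhere in the application.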