
PCI Compliance Issue

1 posts, 0 answered
  1. Dan
    2 posts
    Registered: 30 Aug 2010
    29 Jun 2012
    One of our clients is complaining of a PCI compliance issue on their Sitefinity 3.7 site.

    Here is the info that the scan is giving us:

    Vulnerabilities (3)

    3 Syntax Error Occurred port 80/tcp

    QID: 150022 CVSS Base: 7.5 PCI Severity:

    Category: Web Application CVSS Temporal: 6.8

    CVE ID: -

    Vendor Reference: -

    Bugtraq ID: -

    Last Update: 01/16/2009

    THREAT:

    A test payload generated a syntax error within the Web application. This often points to a problem with input validation routines or lack of filters on user-supplied content.

    IMPACT:

    A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the Web application.

    SOLUTION:

    The Web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content received from the client (i.e. Web browser) should be validated to an expected format or checked for malicious content.

    RESULT:

    url: http://www.clientdomain.com/?aspxerrorpath=%22%3E%3Cqss%3E

    variants: 50

    matched: rors> tag should then have its "mode" attribute set to "Off".

    <table width=100% bgcolor="#ffffcc">

    <tr>

    <td>

    <code>

    <!-- Web.Config Configuration File -->

    <configuration>

    <system.web>

    <customErrors mode="Off"/>

    </system.web>

    </configuration> </code>

    </td>

    </tr>

    </


    Any suggestions on how to resolve this?
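
A triage check for this finding, as an added example that is not part of the original post or of Sitefinity: it decodes the probe in the RESULT url and tests a response body for the stock ASP.NET error text the scanner matched, and separately for unencoded reflection of the probe. The function names and the sample bodies are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# Strings taken from the "matched:" fragment of the scan result above.
DEFAULT_ERROR_MARKERS = (
    'attribute set to "Off"',
    "Web.Config Configuration File",
    '<customErrors mode="Off"/>',
)
MARKUP_CHARS = set("<>\"'")

SCAN_URL = "http://www.clientdomain.com/?aspxerrorpath=%22%3E%3Cqss%3E"
# Constructed sample bodies (not captured from any real site).
STOCK_BODY = ('This &lt;customErrors&gt; tag should then have its "mode" attribute '
              'set to "Off".<code>&lt;customErrors mode=&quot;Off&quot;/&gt;</code>')
CUSTOM_BODY = "<html><body><h1>Sorry, something went wrong.</h1></body></html>"
REFLECTING_BODY = '<a href="/?aspxerrorpath="><qss>">retry</a>'
ENCODED_BODY = '<a href="/?aspxerrorpath=&quot;&gt;&lt;qss&gt;">retry</a>'


def decode_probes(url):
    """Return {param: percent-decoded value} for query parameters carrying markup characters."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in pairs if MARKUP_CHARS & set(v)}


def triage(url, body):
    """Classify one response body returned for the scanner's probe URL."""
    probes = decode_probes(url)
    # The stock page HTML-encodes its sample config, so also compare on unescaped text.
    text = html.unescape(body)
    default_page = any(m in body or m in text for m in DEFAULT_ERROR_MARKERS)
    # Raw reflection: the decoded probe appears in the body without HTML encoding.
    reflected = sorted(k for k, v in probes.items() if v in body)
    return {"probes": probes, "default_error_page": default_page,
            "reflected_raw": reflected}


if __name__ == "__main__":
    samples = [("stock", STOCK_BODY), ("custom", CUSTOM_BODY),
               ("reflecting", REFLECTING_BODY), ("encoded", ENCODED_BODY)]
    for name, body in samples:
        print(name, triage(SCAN_URL, body))
```

Run it on the body returned for the RESULT url before and after a configuration change; a clean result has `default_error_page` false and `reflected_raw` empty.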