sdfnc

OMSA 7.3.0.1 - wpoison (nasl version)

I've been running some vulnerability assessments using the OpenVAS tool.

After upgrading the OMSA on servers to 7.3.0.1, OpenVAS shows this for all 1311 tcp ports:

 NVT: wpoison (nasl version) (OID: 1.3.6.1.4.1.25623.1.0.11139)

The following URLs seem to be vulnerable to BLIND SQL injection
techniques : 

/HelpViewer?file=Redirect&app=oma+AND+1=1

An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.

Solution: Modify the relevant CGIs so that they properly escape arguments
See also : http://www.securitydocs.com/library/2651

Any clues as to a fix?

Thanks

 

Moderator

RE: OMSA 7.3.0.1 - wpoison (nasl version)

sdfnc,

We thank you for your forum submission, and I have forwarded your information on. When we have updated information, it will be posted here.

Regards,

 

Geoff P
Dell | Social Outreach Services - Enterprise


michael.meyer

RE: OMSA 7.3.0.1 - wpoison (nasl version)

Hello,

I'm an NVT developer of the OpenVAS project and by chance I stumbled upon this article. I did a quick check of the wpoison nasl and can say that this is a false positive because of a bug in this NVT. This NVT will be updated in the feed as soon as possible.

Sorry for the inconvenience.


Michael Meyer
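One way to triage a boolean-based blind SQL injection finding like the one reported above is to compare the server's responses to an always-true and an always-false condition against a stable baseline. The sketch below is an added example, not code from this thread or from the OpenVAS project; the function names, the `+AND+1=2` counterpart payload and the response bodies are constructed for illustration, and the thread does not say what the NVT bug actually was.

```python
import re
from urllib.parse import unquote_plus

def normalize(body, payloads):
    """Strip reflected payloads (raw and URL-decoded) and collapse whitespace,
    so a page that merely echoes the parameter is not counted as a difference."""
    for p in payloads:
        for form in (p, unquote_plus(p)):
            body = body.replace(form, "")
    return re.sub(r"\s+", " ", body).strip()

def triage(baseline, baseline_repeat, true_resp, false_resp, payloads):
    """Classify a boolean-blind finding from four captured response bodies."""
    b1, b2, t, f = (normalize(x, payloads)
                    for x in (baseline, baseline_repeat, true_resp, false_resp))
    if b1 != b2:
        return "unstable-baseline"      # page changes on its own; diffing proves nothing
    if t == b1 and f == b1:
        return "no-differential"        # condition never affects output: likely false positive
    if t == b1 and f != b1:
        return "boolean-differential"   # review how the parameter reaches a query
    return "inconclusive"

# Constructed sample data: a help page that echoes the "app" parameter.
PAYLOADS = ["+AND+1=1", "+AND+1=2"]
BASE = "<html><title>Help</title>\n<p>Topic for app: oma</p></html>"
ECHO_TRUE = "<html><title>Help</title>\n<p>Topic for app: oma AND 1=1</p></html>"
ECHO_FALSE = "<html><title>Help</title>\n<p>Topic for app: oma AND 1=2</p></html>"

if __name__ == "__main__":
    print(triage(BASE, BASE, ECHO_TRUE, ECHO_FALSE, PAYLOADS))
```

A "no-differential" result is consistent with a false positive but is not proof on its own; a "boolean-differential" result calls for a review of how the parameter is handled server-side.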
