Unsolved
This post is more than 5 years old
2 Posts
0
19087
OMSA 7.3.0.1 - wpoison (nasl version)
I've been running some vunlnerability assements using the Openvas tool.
After upgrading the OMSA on servers to 7.3.0.1, Openvas shows this for all 1311 tcp ports:
NVT: wpoison (nasl version) (OID: 1.3.6.1.4.1.25623.1.0.11139)
The following URLs seem to be vulnerable to BLIND SQL injection techniques : /HelpViewer?file=Redirect&app=oma+AND+1=1 An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. Solution: Modify the relevant CGIs so that they properly escape arguments See also : http://www.securitydocs.com/library/2651
Any clues as to a fix ?
Thanks
DELL-Geoff P
990 Posts
0
January 14th, 2014 06:00
sdfnc,
We thank you for your forum submission and I have forwarded your information on and when we have updated information, it will be posted here.
Regards,
michael.meyer
1 Message
0
January 19th, 2014 08:00
Hello,
I'm a NVT Developer off the OpenVAS project and by chance I stumbled upon this article. I did a quick check of the wpoison nasl and can say that this is a false positive because of a bug in this NVT. This NVT is updated as soon as possible in the feed.
Sorry for the inconvenience.
Michael Meyer