Post by procheck » Wed Mar 27, 2019 6:02 am

Hi,
My PCI scan failed on the following below. The link goes to a blank page. There is a download link but I don't know what to download or how to apply it.
Has anyone had to deal with this? Thanks
Al
Linux cPanel/WHM

Impact: Successful exploitation will allow remote attackers to execute arbitrary code within the context of the
affected application. failed exploit attempts will result in a denial-of-service condition. impact level:
system/application
Solution
Apply the patch from below link,
https://code.google.com/p/mongoose/sour ... 63f6293ce9
Solution type: Mitigation Affected Software/OS: Mongoose web server version 3.0
Detection Reliability: Remote active checks (code execution, traversal attack, sql injection etc.) where the
response clearly shows the presence of the vulnerability.
Vulnerability Insight: The flaw is due to an error in the 'put_dir()' function
(mongoose.c) when processing http put web requests. this can be exploited
to cause an assertion error or a stack-based buffer overflow.

New member

Posts

Joined
Tue Jul 23, 2013 9:42 am

Post by victorj » Wed Mar 27, 2019 6:19 am

mongoose ie mongo database.
not used by opencart.
if youre on whm with root access just make sure only mariaDB is installed.
just uninstall any other database engine.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by procheck » Wed Mar 27, 2019 8:21 am

Hi and thanks for responding. Until today, I'd never even heard of the MongoDB.

I do have WHM access and I couldn't see any Mongo DB.
I ran this in Putty to see if it existed and no results were returned.
rpm -qa|grep mongo

So just to see, I tried uninstalling the MongoDB service and the result was that it did not exist.
rpm -e mongodbconfig

New member

Posts

Joined
Tue Jul 23, 2013 9:42 am

Post by straightlight » Wed Mar 27, 2019 9:08 am

procheck wrote:
Wed Mar 27, 2019 8:21 am
Hi and thanks for responding. Until today, I'd never even heard of the MongoDB.

I do have WHM access and I couldn't see any Mongo DB.
I ran this in Putty to see if it existed and no results were returned.
rpm -qa|grep mongo

So just to see, I tried uninstalling the MongoDB service and the result was that it did not exist.
rpm -e mongodbconfig
Impact: Successful exploitation will allow remote attackers to execute arbitrary code within the context of the
affected application. failed exploit attempts will result in a denial-of-service condition. impact level:
system/application
While these information may be true, applying host patches can also affect software licensing management also based on ELS Support requirements. Better to consult your host regarding this provided solution before processing the change. Otherwise, the impact management may be resolved on one side but also creating new incident management on the other side.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by procheck » Wed Mar 27, 2019 10:13 am

I do agree with you that this is a possibility but unfortunately the ISP are only interested in looking at this if I sign up for a managed VPS at an expensive price. For the most part, I have managed it well except for situations that arise like this.

New member

Posts

Joined
Tue Jul 23, 2013 9:42 am
Who is online

Users browsing this forum: No registered users and 3 guests