Hi,
My PCI scan failed on the following below. The link goes to a blank page. There is a download link but I don't know what to download or how to apply it.
Has anyone had to deal with this? Thanks
Al
Linux cPanel/WHM
Impact: Successful exploitation will allow remote attackers to execute arbitrary code within the context of the
affected application. failed exploit attempts will result in a denial-of-service condition. impact level:
system/application
Solution
Apply the patch from below link,
https://code.google.com/p/mongoose/sour ... 63f6293ce9
Solution type: Mitigation
Affected Software/OS: Mongoose web server version 3.0
Detection Reliability: Remote active checks (code execution, traversal attack, sql injection etc.) where the
response clearly shows the presence of the vulnerability.
Vulnerability Insight: The flaw is due to an error in the 'put_dir()' function
(mongoose.c) when processing http put web requests. this can be exploited
to cause an assertion error or a stack-based buffer overflow.
Mongoose, i.e. Mongo database.
Not used by OpenCart.
If you're on WHM with root access, just make sure only MariaDB is installed.
Just uninstall any other database engine.
Hi and thanks for responding. Until today, I'd never even heard of the MongoDB.
I do have WHM access and I couldn't see any Mongo DB.
I ran this in Putty to see if it existed and no results were returned.
rpm -qa|grep mongo
So just to see, I tried uninstalling the MongoDB service and the result was that it did not exist.
rpm -e mongodbconfig
procheck wrote: Wed Mar 27, 2019 8:21 am
Hi and thanks for responding. Until today, I'd never even heard of the MongoDB.
I do have WHM access and I couldn't see any Mongo DB.
I ran this in Putty to see if it existed and no results were returned.
rpm -qa|grep mongo
So just to see, I tried uninstalling the MongoDB service and the result was that it did not exist.
rpm -e mongodbconfig
While this information may be true, applying host patches can also affect software licensing management, also based on ELS Support requirements. Better to consult your host regarding this provided solution before processing the change. Otherwise, the impact management may be resolved on one side but also create new incident management on the other side.
Impact: Successful exploitation will allow remote attackers to execute arbitrary code within the context of the
affected application. failed exploit attempts will result in a denial-of-service condition. impact level:
system/application
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I do agree with you that this is a possibility but unfortunately the ISP are only interested in looking at this if I sign up for a managed VPS at an expensive price. For the most part, I have managed it well except for situations that arise like this.
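An added example, not part of any post in this thread: the scan report names the Mongoose web server (mongoose.c) and describes a remote active check, so one way to follow it up on the host is to map each listening TCP port to its process and to the RPM package that owns the binary. The sample `ss` lines, process names and function names below are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: map listening TCP ports to the process and RPM package
# behind them. Function names and SAMPLE_SS are constructed for illustration.

# Constructed sample of `ss -ltnp` output lines (header omitted).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1201,fd=4),("httpd",pid=1200,fd=4))
LISTEN 0 128 0.0.0.0:2087 0.0.0.0:* users:(("cpsrvd",pid=980,fd=6))
LISTEN 0 50 [::]:8080 [::]:* users:(("agentd",pid=2210,fd=9))'

# parse_listeners: read `ss -ltnp` output on stdin and print "port pid name",
# one line per listening port (first owning process listed for that socket).
parse_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]           # port follows the last colon
        if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
            s = substr($0, RSTART + 3, RLENGTH - 3)  # leaves: name",pid=NNN
            split(s, p, /",pid=/)
            print port, p[2], p[1]
        }
    }' | sort -n -u -k1,1
}

# owner_of PID: resolve the executable behind PID and ask rpm which package
# ships it. Prints "path<TAB>package"; package is "unpackaged" if rpm has no owner.
owner_of() {
    exe=$(readlink -f "/proc/$1/exe" 2>/dev/null) || return 1
    [ -n "$exe" ] || return 1
    pkg=$(rpm -qf "$exe" 2>/dev/null) || pkg="unpackaged"
    printf '%s\t%s\n' "$exe" "$pkg"
}

# audit: join the two steps into "port<TAB>name<TAB>path<TAB>package" rows.
audit() {
    parse_listeners | while read -r port pid name; do
        printf '%s\t%s\t%s\n' "$port" "$name" "$(owner_of "$pid" || echo '?')"
    done
}

# On the server, run as root so other users' processes are visible:
#   ./listeners.sh --live
if [ "${1:-}" = "--live" ]; then ss -ltnp | audit; fi
```

Comparing the ports in the output with the port the PCI report flagged shows which binary answered the scanner, including binaries that no RPM package owns.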