
Merge remote-tracking branch 'dma/master'

2 parents 91c60ff + 1cb2aca commit 0179b5940c6e4f55b6bc7e1e73285f7a5b4777a5 @brl brl committed Jun 21, 2011
@@ -1,5 +1,5 @@
var module = {
- name: "RFC 1918 IP Address Finder",
+ name: "Internal IP Addresses",
type: "response-processor"
};
@@ -1,46 +0,0 @@
-var module = {
- name: "__EVENTVALIDATION detector",
- type: "response-processor"
-};
-
-function run(request, response, ctx) {
- var z;
- var x;
- var c;
- var v;
-
- if(!response.document) {
- return;
- }
- var form = jQuery("form", response.document);
- form.children().each(function() {
- if ((this.getAttribute("name") != null) && (this.getAttribute("name") == "__VIEWSTATE")) {
- z = 1;
- }
- });
- form.children().each(function() {
- if ((this.getAttribute("name") != null) && (this.getAttribute("name") == "__EVENTVALIDATION")) {
- x = 1;
- }
- });
-
- form.children().each(function() {
- if ((this.getAttribute("id") != null) && (this.getAttribute("id") == "__VIEWSTATE")) {
- c = 1;
- }
- });
- form.children().each(function() {
- if ((this.getAttribute("id") != null) && (this.getAttribute("id") == "__EVENTVALIDATION")) {
- v = 1;
- }
- });
-
-
- if (z && x | c && v) {
- ctx.alert("vinfo-validation", request, response, {
- "output": response.bodyAsString,
- "resource": request.requestLine.uri,
- key: "vinfo-validation" + request.requestLine.uri
- });
- }
-}
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>HTTP Server Banner</title>
-
- <class>Information</class>
- <severity>Info</severity>
- <discussion>
- The HTTP Server banner was retrieved from web server.
- </discussion>
-
-
-</alert>
-
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Cookie Not Set HTTPOnly</title>
-
- <class>Environment Error</class>
- <severity>Info</severity>
-
- <impact>Vega detected a cookie that was not set with the HttpOnly flag.</impact>
- <impact>This means that the cookie value is accessible by Javascript, making it susceptible to stealing via cross-site scripting attacks.</impact>
-
- <remediation>Cookies used for security sensitive purposes, such as maintaining authenticated sessions, should be set HttpOnly, if possible.</remediation>
- <remediation>Many server-side application development frameworks include support for setting this flag in a straightforward manner (as a boolean property).</remediation>
-
- <discussion>
- Vega has detected a cookie set by the server that was not set as HttpOnly. The HttpOnly flag was introduced in 2002 for MSIE 6 SP1. All modern browsers support it. The flag indicates to the browser that the cookie should only be transmitted in HTTP request headers and not accessible (i.e. by Javascript) through the DOM. The purpose of this feature is to limit the impact of cross-site scripting vulnerabilities.
- </discussion>
-
- <references>
- <url address="https://www.owasp.org/index.php/HttpOnly">HttpOnly (OWASP)</url>
- <url address="http://msdn.microsoft.com/en-us/library/ms533046(v=vs.85).aspx">Mitigating Cross-site Scripting With HTTP-Only Cookies (MSDN)</url>
- <url address="http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly">HTTP Cookie (Wikipedia)</url>
- </references>
-
-</alert>
-
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Cookie not set as http only</title>
-
- <class>Configuration Error</class>
- <severity>High</severity>
-
- <impact>Vega has detected a cookie associated with an TLS (https) session that does not have the Secure flag set.</impact>
- <impact>These cookies can be transmitted over unencrypted HTTP connections.</impact>
- <impact>Cookies containing sensitive information, such as session identifiers, could be vulnerable to eavesdropping.</impact>
-
- <remediation>
- The application must set the Secure flag for all cookies set by the server. This will prevent unintented leakage.
- </remediation>
-
- <discussion>
- Vega has detected that a cookie was not set with the Secure flag associated with an application that relies on TLS. The Secure flag indicates to the client that the cookie must only transmitted over TLS (https) connections. Not doing so leaves the application vulnerable to network eavesdropping if the client ever communicates with the server over unencrypted HTTP.
- </discussion>
-
- <references>
- <url address="http://en.wikipedia.org/wiki/HTTP_cookie">HTTP cookie (Wikipedia)</url>
- <url address="http://php.net/manual/en/function.setcookie.php">setcookie (PHP)</url>
- <url address="http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-secure">Sessions: SESSION_COOKIE_SECURE (Django documentation)</url>
- <url address="http://msdn.microsoft.com/en-us/library/system.net.cookie.secure.aspx">Cookie.Secure Property (MSDN)</url>
- <url address="http://codebutler.github.com/firesheep/tc12/">Hey Web 2.0: Start protecting user privacy instead of pretending to (Eric Butler / Ian Gallagher)</url>
-</alert>
-
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<alert>
-<title>Password with Autocomplete Enabled</title>
+<title>Form Password Field with Autocomplete Enabled</title>
<class>Environment</class>
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Cookie not set as http only</title>
-
- <class>Configuration Error</class>
- <severity>High</severity>
-
- <impact>Vega has detected a cookie associated with an TLS (https) session that does not have the Secure flag set.</impact>
- <impact>These cookies can be transmitted over unencrypted HTTP connections.</impact>
- <impact>Cookies containing sensitive information, such as session identifiers, could be vulnerable to eavesdropping.</impact>
-
- <remediation>
- The application must set the Secure flag for all cookies set by the server. This will prevent unintented leakage.
- </remediation>
-
- <discussion>
- Vega has detected that a cookie was not set with the Secure flag associated with an application that relies on TLS. The Secure flag indicates to the client that the cookie must only transmitted over TLS (https) connections. Not doing so leaves the application vulnerable to network eavesdropping if the client ever communicates with the server over unencrypted HTTP.
- </discussion>
-
- <references>
- <url address="http://en.wikipedia.org/wiki/HTTP_cookie">HTTP cookie (Wikipedia)</url>
- <url address="http://php.net/manual/en/function.setcookie.php">setcookie (PHP)</url>
- <url address="http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-secure">Sessions: SESSION_COOKIE_SECURE (Django documentation)</url>
- <url address="http://msdn.microsoft.com/en-us/library/system.net.cookie.secure.aspx">Cookie.Secure Property (MSDN)</url>
- <url address="http://codebutler.github.com/firesheep/tc12/">Hey Web 2.0: Start protecting user privacy instead of pretending to (Eric Butler / Ian Gallagher)</url>
-</alert>
-
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Form with File Upload Discovered</title>
-
- <class>Injection Point</class>
-
- <severity>Info</severity>
-
- <impact>Vega has discovered a form that allows users to upload files, an injection point where vulnerabilities are often found.</impact>
- <impact>Users can potentially upload files outside of the authorized location.</impact>
- <impact>Users may be able to upload content that is executed on the server.</impact>
-
- <remediation>
- This is not a confirmed vulnerability. Developers should make sure that file upload functionality is secure.
- </remediation>
-
- <discussion>
- Vega detected a file upload input field in a form. File uploads are a common source of vulnerability. This alert is purely informational, no vulnerability has been confirmed. The purpose of this alert is to flag the form for further investigation using the Vega intercepting proxy.
- </discussion>
-
- <references>
- <url address="http://tstarling.com/blog/2008/12/secure-web-uploads/">Secure Web Uploads (Tim Starling)</url>
- <url address="http://joginipally.blogspot.com/2008/11/security-considerations-for-file-upload.html">Security Considerations for File Upload (Gopal's Blog)</url>
- </references>
-
-
-
-</alert>
-
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>URI Credentials Detected</title>
-
- <class>Information</class>
- <severity>Medium</severity>
-
- <impact>Vega has detected a link that includes HTTP Basic authentication credentials in scanned content.</impact>
- <impact>The exposure of these credentials may allow unauthorized access to server resources.</impact>
-
- <remediation>The link should be investigated by developers to determine if they are valid credentials and to assess the impact of their disclosure.</remediation>
- <remediation>The code or static content responsible for this disclosure should be corrected.</remediation>
- <remediation>The password should be changed.</remediation>
-
- <discussion>It's possible to define a URI that includes a password in the userinfo section of the URI, in the form of http://username:password@host. Browsers can support URI credentials for authenticating to both HTTP servers (via Basic authentication) and FTP servers. The inclusion of credentials in URIs is considered a security risk as these credentials can be left exposed to attackers and/or transmitted in the clear. Disclosure of credentials can lead to unauthorized access.
- </discussion>
-
- <references>
- <url address="http://en.wikipedia.org/wiki/URI_scheme">URI Scheme (Wikipedia)</url>
- <url address="http://www.ietf.org/rfc/rfc2396.txt">RFC 2396 - Sections 3.2.2 and 7 (IETF)</url>
- </references>
-</alert>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>HTTP authentication failure detected</title>
-
- <class>Information</class>
- <severity>Info</severity>
-
- <impact>An authentication failure status (401) has been returned at this address.</impact>
-</alert>
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<alert>
-<title>HTTP error detected</title>
+<title>HTTP Error Detected</title>
<class>Information</class>
<severity>Info</severity>
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<alert>
-<title>PHP error detected</title>
+<title>PHP Error Detected</title>
<class>Information</class>
<severity>Medium</severity>
@@ -1,9 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<alert>
-<title>Ruby on Rails error detected</title>
+<title>Ruby on Rails Error Detected</title>
<class>Information</class>
- <severity>Low</severity>
+ <severity>Medium</severity>
<impact>A Ruby on Rails error has been detected. This could indicate badly written code, and could disclose sensitive information.</impact>
+
+ <remediation>The developer should investigate the error to determine its nature and ensure that it does not represent a vulnerability.</impact>
+ <remediation>Ensure that the application is running in a production environment.</remediation>
+
+
</alert>
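Review bot: The first added remediation element is closed with the wrong tag: the new line `<remediation>The developer should investigate the error to determine its nature and ensure that it does not represent a vulnerability.</impact>` opens `<remediation>` and closes `</impact>`, which makes the alert file ill-formed XML, so any strict parser loading this alert will presumably reject the whole file rather than just this element. The line should read `<remediation>The developer should investigate the error to determine its nature and ensure that it does not represent a vulnerability.</remediation>`. The second added remediation line is correctly closed.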
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Error page</title>
-
- <class>Information</class>
- <severity>Info</severity>
- <discussion>
- Error page
- </discussion>
-
-
-</alert>
-
@@ -2,20 +2,29 @@
<alert>
<title>Format String Injection</title>
- <class>Information</class>
+ <class>Input Validation Error</class>
<severity>High</severity>
<discussion>
- Discuss issue here.
+ Vega has detected behavior indicative of a possible format string vulnerability. Format string vulnerabilities occur when untrustworthy input is used to construct the format string parameter passed to one of the printf() family of C library calls (and derivatives). Format string vulnerabilities can be used to overwrite memory, resulting in remote code execution.
</discussion>
<impact>
- Explain impact here.
+ If there is indeed a format string vulnerability present, the attacker could be able to overwrite memory of the target process.
+ </impact>
+ <impact>
+ Overwriting memory can allow for the execution of arbitrary code.
</impact>
<remediation>
- Investigate further.
+ The developer should investigate the code in question to determine if it is at all possible that a format string vulnerability could be present.
+ </remediation>
+ <remediation>
+ This can be fixed by ensuring that untrustworthy data is not passed to the printf() function.
</remediation>
+ <references>
+ <url address="http://en.wikipedia.org/wiki/Uncontrolled_format_string">Uncontrolled format string (Wikipedia)</url>
+ </references>
</alert>
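Review bot: The second added remediation overstates the fix: "ensuring that untrustworthy data is not passed to the printf() function" forbids passing user data to printf() at all, whereas the discussion above correctly locates the problem in the format string parameter. Passing untrusted data as an ordinary argument to a constant format string is the standard, safe usage, so the remediation should say so, e.g. `This can be fixed by ensuring that untrustworthy data is never used as the format string itself; pass it as an argument to a fixed format string (for example "%s") when calling printf() and related functions.` In the first added impact line, "the attacker could be able to overwrite memory" reads awkwardly; `an attacker may be able to overwrite memory of the target process` is cleaner. It would also help the reader if the discussion named the printf() family explicitly as including sprintf(), fprintf() and syslog(), since those are the common sinks the scanner's heuristic cannot distinguish between.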
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>MD5 hash detected</title>
-
- <class>Information</class>
- <severity>Info</severity>
-
- <impact>Vega has detected a string with characatertics in common with MD5 hashes.</impact>
- <impact>While not a confirmed vulnerability, the presence of a hash indicates interesting data, such as credentials, that should be examined.</impact>
- <impact>Hashed passwords may be vulnerable to dictionary cracking.</impact>
- <impact>Sensitive values that have been hashed before sending to the client can point to vulnerabilities in business logic.</impact>
- <remediation>This is not a confirmed vulnerability. The purpose of the hashed value should be investigated in the context of the application.</remediation>
-
- <discussion>
- Vega has detected a MD5 hash. This may be interesting during a penetration test, e.g., credentials.
- </discussion>
-
-
-</alert>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>SHA-1 hash detected</title>
-
- <class>Information</class>
- <severity>Info</severity>
-
- <impact>A SHA-1 hash has been detected. This hash may have been used to encrypt passwords or other valuable data.</impact>
-</alert>
@@ -2,20 +2,28 @@
<alert>
<title>Integer Overflow</title>
- <class>Information</class>
- <severity>Info</severity>
+ <class>Boundary Condition Error</class>
+ <severity>High</severity>
<discussion>
- Discuss issue here.
+ Integer overflows occur when integer data types exceed their maximum value. When this occurs in programs written in languages such as C, the resulting behavior can have security implications. For example, unsigned integers will be reduced, wrapping back to a lower numeric value.
</discussion>
<impact>
- Explain impact here.
+ Integer overflow errors can have a variet of impacts, depending on the context and the purpose of the integer value.
+ </impact>
+ <impact>
+ Integers used to check the size of a data buffer, if reduced, can falsely represent the total amount of data, resulting in a possible buffer overflow.
</impact>
<remediation>
- Investigate further.
+ The developer should investigate the error and determine if a vulnerability is present.
</remediation>
+ <references>
+ <url address="https://www.owasp.org/index.php/Integer_overflow">Integer overflow (OWASP)</url>
+ <url address="http://en.wikipedia.org/wiki/Integer_overflow">Integer overflow (Wikipedia)</url>
+ </references>
+
</alert>
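Review bot: The first added impact line has a typo, "variet" should be "variety": `Integer overflow errors can have a variety of impacts, depending on the context and the purpose of the integer value.` The new discussion text only describes the unsigned wrap-around case; since the remediation asks the developer to judge whether a vulnerability is present, a short sentence noting that the signed-overflow case is equally relevant (and is not well-defined in C, so compilers may not produce the wrapped value the author expects) would make the alert more useful, though that is an addition rather than a correction. The trailing blank line added before `</alert>` is harmless but inconsistent with the other alert files touched in this commit.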
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<alert>
-<title>Object/Applet Detected</title>
-
- <class>Information</class>
- <severity>Info</severity>
-
- <impact>This website has embedded objects and/or applets.</impact>
-</alert>
@@ -13,9 +13,5 @@
This resource contains a fingerprint that identifies the underlying platform to attackers. This knowledge may make other attacks more reliable.
</impact>
- <remediation>
- TBA
- </remediation>
-
</alert>
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<alert>
-<title>Possible source code disclosure</title>
+<title>Possible Source Code Disclosure</title>
<class>Information</class>