To: | nv-l@lists.us.ibm.com |
---|---|
Subject: | Re: [nv-l] cross-site scripting exposure |
From: | Leslie Clark <lclark@us.ibm.com> |
Date: | Sat, 22 Nov 2003 11:22:52 -0500 |
Delivery-date: | Sat, 22 Nov 2003 16:27:51 +0000 |
Envelope-to: | nv-l-archive@lists.skills-1st.co.uk |
Reply-to: | nv-l@lists.us.ibm.com |
Sender: | owner-nv-l@lists.us.ibm.com |
If you are not using the NetView web client, then don't start the webserver daemon. Wouldn't that close port 8080?

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

I have NetView V7.1.3 on AIX 5.1. I was just informed by my AIX Server support people that a security scan has just identified the following exposure:

[HTTP/8080/TCP] Server is an enabling vector for cross-site scripting exposure in clients [trace-1]

Currently, we have 3 http servers on this device:

1. For the TREND Application - on port 80 (defaults to port 80)
2. IBM HTTP server on port 85 - but it is down right now. It was taken down.
3. NetView on port 8080

CERT says there is no fix for the exposure, but the server can disable scripting. I don't know if scripting enabled or disabled will affect NetView. Has anyone been flagged with this exposure? We never use the Web Server function to access NetView. Is there a way to correct this security exposure?

Thanks,
Chris Coulson
ccoulson@ca.ibm.com

Archive operated by Skills 1st Ltd