Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...This site is truly a marvel. Without a doubt the most comprehensive, friendly and just plain useful resource of its kind..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > MIS/IT > Operating Systems - Hardware Independent > Microsoft: Small Business Server 2003 Forum

SBS 2003 Cross Scripting error on Security Metrics PCI scan

thread1584-1679793
Read More Threads Like This One
jadwyer (TechnicalUser)
5 Apr 12 12:44
My small business
 server 2003 R2 with latest patches has been failing the Security Metrics PCI
 scan since December. The cause listed for the failure is:
 
Port: 443

Description: web program allows cross-site scripting in query string (/Remote/logon.aspx)
 


Vulnerability Details:

Service: https Sent: GET /Remote/logon.aspx? ><SCRIPT>alert('SAINT'
 ;)</SCRIPT> HTTP/1.0 Host: myhost.org User-Agent: Mozilla/4.0 Connection:
 Keep-alive Received: ??<form name="logon" method="pos t"
 action="logon.aspx?><SCRIPT>alert('S AINT' )</SCRIPT>"
 id="logon" autocomplete="off">
 
There are lots of suggestions that seem to relate to products that are not installed and one that
 suggests creating a custom error page that does not display the URI.  

How does one resolve this when the WEB site is the default supplied with SBS 2003?
 


Thanks in advance
 
kurio71 (TechnicalUser)
8 Apr 12 4:19
Looks like the error is pointing to a security vulnerability with the RWW login page and Mozilla.

Level 1 Support Technician

Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Microsoft: Small Business Server 2003

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close