Web Server Expect Header XSS Vulnerability

Status
Not open for further replies.

Quinniedid

Dabbler
Joined
Oct 12, 2014
Messages
11
Had a vulnerability scan on our network recently and I am getting back this vulnerability.

What is needed for this to get fixed?

Build: FreeNAS-11.1-U4


Synopsis

The remote web server is vulnerable to a cross-site scripting attack.

Description

The remote web server fails to sanitize the contents of an 'Expect'
request header before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially crafted ShockWave (SWF) files.

tcp/6000

Nessus was able to exploit the issue using the following request :

------------------------------ snip ------------------------------
GET / HTTP/1.1
Host: X.X.X.X:6000
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Expect: www_expect_xss.nasl testing for BID 19661 <test>
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

------------------------------ snip ------------------------------
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
FreeNAS is not intended to be exposed to the internet. If you have it exposed you'd be best off putting it behind a VPN.
 

Quinniedid

Dabbler
Joined
Oct 12, 2014
Messages
11
In my use case it is never exposed to the internet, but it is connected to a secure network which requires these vulnerabilities to not exist.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
Well that's going to require an nginx configuration change so you might want to file a bug report on it.
 
Status
Not open for further replies.
Top