[ic] PCI Compliance and minivend port 7786 issue
ic_support at mnwebdesign.com
Wed Feb 18 00:49:51 UTC 2009
I am trying to bring a server into PCI compliance and I have two issues with
TCP port 7786 minivend.

The test suite at securitymetrics.com reports this:

Synopsis: The remote web server is affected by a directory traversal
vulnerability (TCP port 7786 minivend).

Description: It appears possible to read arbitrary files on the remote host
outside the web server's document directory using a specially-crafted URL.
An unauthenticated attacker may be able to exploit this issue to access
sensitive information to aide in subsequent attacks.

Solution: Contact the vendor for an update, use a different product, or
disable the service altogether.

Synopsis: The remote web server is prone to cross-site scripting attacks.

Description: The remote host is running a web server that fails to
this issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the

Solution: Contact the vendor for a patch or upgrade.

I have this in my 'pretty stock' interchange.cfg:

TcpMap 7786 -

On startup I see this: Interchange server started in UNIX mode(s)

Can I just comment that line out of my config file? Any drawbacks to doing

This is a 5.4.2 tar install on an upgraded 'construct' catalog

Kevin Walsh said this:

To get both UNIX and Inet modes, add the following to your

TcpMap 7786 -

Restart Interchange after modifying your interchange.cfg file.

There's not always a point in running Interchange in both UNIX and Inet
modes. Pick one or the other, unless you really do need both for some

Maybe I should just comment that out?

Thanks for any input!
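
The following is an added example, not part of the original post or of Interchange itself: a small audit that lists the active TcpMap entries in an interchange.cfg and flags those not restricted to loopback, which is the condition the scanner findings above depend on. The sample config is constructed; the `host:port` argument form, case-insensitive directive names, and a bare port meaning all interfaces are assumptions about the directive's syntax.

```python
import ipaddress

# Constructed sample config for the demo (not taken from the post).
SAMPLE_CFG = """\
# interchange.cfg (constructed sample)
Catalog construct /var/lib/interchange/construct /cgi-bin/construct
TcpMap 7786 -
#TcpMap 7787 -
tcpmap 127.0.0.1:7788 -
"""

def tcpmap_listeners(cfg_text):
    """Return (lineno, host, port) for every active TcpMap entry."""
    found = []
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # ignore commented-out text
        tokens = line.split()
        # Assumption: directive names are matched case-insensitively.
        if not tokens or tokens[0].lower() != "tcpmap":
            continue
        # Arguments come in pairs: <[host:]port> <catalog or "-">
        for spec in tokens[1::2]:
            host, _, port = spec.rpartition(":")
            if port.isdigit():
                # Assumption: a bare port binds every interface ("*").
                found.append((lineno, host or "*", int(port)))
    return found

def is_loopback(host):
    """True only when the bind address is clearly loopback."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                             # "*" or other names: treat as exposed

def exposed_listeners(cfg_text):
    """TcpMap entries reachable from outside the host."""
    return [e for e in tcpmap_listeners(cfg_text) if not is_loopback(e[1])]

if __name__ == "__main__":
    for lineno, host, port in exposed_listeners(SAMPLE_CFG):
        print(f"line {lineno}: TcpMap listens on {host}:{port} (not loopback-only)")
```
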