Bug#381418: marked as done (ITP: wapiti -- Web application vulnerability scanner)
Your message dated Sun, 15 Jul 2007 12:55:27 +0000
with message-id <E1IA3dH-0008Ha-LA@ries.debian.org>
and subject line Bug#381418: fixed in wapiti 1.1.6-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: RFP: wapiti -- Web application vulnerability scanner
- From: Florent Bayle <florent@sarcelle.net>
- Date: Fri, 04 Aug 2006 11:42:41 +0200
- Message-id: <20060804094241.9115.94543.reportbug@localhost>
Package: wnpp
Severity: wishlist
* Package name : wapiti
Version : 1.1.0
Upstream Author : Nicolas Surribas <nicolas.surribas@gmail.com>
* URL : http://wapiti.sourceforge.net/
* License : GPL
Programming Lang: Python
Description : Web application vulnerability scanner
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
Wapiti can detect the following vulnerabilities :
- File Handling Errors (Local and remote include/require, fopen, readfile...)
- Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
- XSS (Cross Site Scripting) Injection
- LDAP Injection
- Command Execution detection (eval(), system(), passthru()...)
- CRLF Injection (HTTP Response Splitting, session fixation...)
Wapiti is able to differentiate punctual and permanent XSS vulnerabilities.
Wapiti prints a warning every time it finds a script allowing HTTP uploads.
A warning is also issued when an HTTP 500 code is returned (useful for ASP/IIS).
Wapiti does not rely on a vulnerability database like Nikto does. Wapiti aims to discover unknown vulnerabilities in web applications.
--- End Message ---
--- Begin Message ---
Source: wapiti
Source-Version: 1.1.6-1
We believe that the bug you reported is fixed in the latest version of
wapiti, which is due to be installed in the Debian FTP archive:
wapiti_1.1.6-1.diff.gz
to pool/main/w/wapiti/wapiti_1.1.6-1.diff.gz
wapiti_1.1.6-1.dsc
to pool/main/w/wapiti/wapiti_1.1.6-1.dsc
wapiti_1.1.6-1_all.deb
to pool/main/w/wapiti/wapiti_1.1.6-1_all.deb
wapiti_1.1.6.orig.tar.gz
to pool/main/w/wapiti/wapiti_1.1.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 381418@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Bläsing <thomasbl@pool.math.tu-berlin.de> (supplier of updated wapiti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 28 Jun 2007 14:08:17 +0200
Source: wapiti
Binary: wapiti
Architecture: source all
Version: 1.1.6-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
Changed-By: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
Description:
wapiti - Web application vulnerability scanner
Closes: 381418
Changes:
wapiti (1.1.6-1) unstable; urgency=low
.
* Initial release (Closes: #381418)
Files:
8edef42b50a0e9a75ea115640a70a26b 631 python optional wapiti_1.1.6-1.dsc
8b6067b64c16b575da43aa2dbfaeea23 51200 python optional wapiti_1.1.6.orig.tar.gz
d5ee37763aee72a7f253cf1a339002ab 2639 python optional wapiti_1.1.6-1.diff.gz
180d7557c946362412f5eadbe3df3fd1 18202 python optional wapiti_1.1.6-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGjTSVCV53xXnMZYYRAtI1AKDGTSxOIjQXkyLcq7Bln6IHrAkOUwCgi6sz
xI+vP4d5D5ToEHohyKV/mbM=
=oxZT
-----END PGP SIGNATURE-----
--- End Message ---