XSS Vulnerability
Posted: Sun 11 Sep 2016 8:50 pm
Hi,
I've just had a PCI Compliance report back on our internal network. We're using Cumulus MX for some development work. They've failed the system running Cumulus as it is vulnerable to XSS. Obviously as this is a big security issue (potentially unknown) I'd expect someone would want to look at it ASAP! I enclose the report below:
Cheers,
10618137 Web server Multiple Cross-Site Scripting Vulnerabilities Detected 8080 / tcp CVE: 6.4 No medium
Host: 92.27.234.117
CVSS base score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Temporal Score: 5.3 E:F/RL:O/RC:C
Severity: 3
QID: 86175
Category: Web server
CVE ID:
Vendor Reference:
Bugtraq ID:
Date updated: 23/07/2015 04:31
Threat:
Your Web server/application does not filter script embedding from links displayed on a server's Web site.
A malicious user can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyperlink. Upon clicking the hyperlink, your Web server will generate an error message including the specified or embedded script. The specified or embedded script is executed in the client's browser and treated as content originating from the target server returning the error message (even though the scripting may have originated from another site entirely).
Note: Each report line represents a unique cross-site scripting on that page.
Impact:
By exploiting this vulnerability, malicious scripts can be executed in the client's browser.
Solution:
Any Web application on the server may be affected by this vulnerability. To prevent cross-site scripting attacks from occurring, web developers should use static pages whenever possible and sanitize input / output.
The following vendors provided patches at the web server level. See below for a list of patches for some specific Web servers. If this information does not apply to your Web server, contact your Web server vendor. If your web server does not support filtering, please have your web developers resolve this issue at the application level.
This issue is fixed in Sun ONE / iPlanet Web Server 4.1 Service Pack 12 and above. The latest service pack is available for download from Sun ONE Web Server Enterprise Edition 4.1 Service Pack 13.
For Microsoft IIS 4/5/5.1, apply the cumulative patch described in Microsoft Security Bulletin MS02-018. No additional service packs are planned for Windows NT 4.0. IIS 5.0 fixes will be included in Windows 2000 Service Pack 3. IIS 5.1 fixes will be included in Windows XP Service Pack 1.
For IBM Websphere, please refer to websphere-faultactor-xss (30055).
For Web Applications: If your Web application is vulnerable, please check with the web application vendor for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Web Server (Sun ONE / iPlanet Web Server 4.1 Service Pack 12)
Web Server: Windows (IIS 4.0, 5.0, 5.1)
RESULT:
GET /RaNdoM_JuNk HTTP/1.1
Connection: Keep-Alive
Host: "><script>alert(document.domain)</script>
<h1>Bad Request (Invalid url: http://"><script>alert(document.domain)</script>:8080/RaNdoM_JuNk)</h1>
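The RESULT block above shows the defect class precisely: the server rejects the request, then builds its "Bad Request" page by concatenating the raw Host header into HTML, so the scanner's probe comes back as live markup. The following is an added illustration, not Cumulus MX code (Cumulus MX is a C# application; this is a standalone Python model of the same error-page logic). It reproduces the report's exact response line from the constructed probe, then shows the two mitigation layers a reviewer would ask for: HTML-escape anything echoed, and refuse to echo a Host value that does not match the server's configured hostnames. The hostnames in ALLOWED_HOSTS and the benign sample request are constructed for the example.

```python
import html
import re

# Constructed probe, copied from the report's RESULT section, and a constructed benign request.
PROBE_HOST = '"><script>alert(document.domain)</script>'
PROBE_PATH = "/RaNdoM_JuNk"
BENIGN_HOST = "weather.example.internal"  # constructed hostname for the example
PORT = 8080

# Hostnames this server is actually configured to answer for (constructed for the example).
# A Host header that is not in this set is attacker-chosen and must never be echoed.
ALLOWED_HOSTS = {"weather.example.internal", "192.0.2.10"}

# Simplified RFC 3986 reg-name / IPv4 grammar with an optional port.
# Bracketed IPv6 literals are deliberately not covered here (simplification).
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))*"
    r"(?::\d{1,5})?$"
)


def error_page_unsafe(host: str, path: str, port: int = PORT) -> str:
    """The defect the scanner found: the Host header is concatenated into
    HTML as-is, so any markup in the header becomes markup in the page."""
    return f"<h1>Bad Request (Invalid url: http://{host}:{port}{path})</h1>"


def error_page_escaped(host: str, path: str, port: int = PORT) -> str:
    """Minimum fix: output-encode every request-derived value for an HTML
    context. Quotes are escaped too, because the probe breaks out of an
    attribute before it opens the script tag."""
    return (
        "<h1>Bad Request (Invalid url: http://"
        f"{html.escape(host, quote=True)}:{port}{html.escape(path, quote=True)})</h1>"
    )


def host_is_acceptable(host: str) -> bool:
    """Second layer: the Host header must be syntactically a host[:port]
    and must name this server. Anything else is not ours to reflect."""
    if not _HOST_RE.match(host):
        return False
    bare = host.rsplit(":", 1)[0] if ":" in host else host
    return bare in ALLOWED_HOSTS


def error_page_safe(host: str, path: str, port: int = PORT) -> str:
    """Hardened error page: validates the Host header against the allow-list,
    substitutes a fixed placeholder when it fails, and still escapes what is
    echoed so the encoding does not depend on the validation being perfect."""
    shown = host if host_is_acceptable(host) else "[invalid Host header]"
    return error_page_escaped(shown, path, port)


def reflects_unescaped(header_value: str, body: str) -> bool:
    """Verification check for the fix: a request header containing HTML
    metacharacters must not appear verbatim anywhere in the response body."""
    has_markup = any(ch in header_value for ch in '<>"\'')
    return has_markup and header_value in body


if __name__ == "__main__":
    for builder in (error_page_unsafe, error_page_escaped, error_page_safe):
        page = builder(PROBE_HOST, PROBE_PATH)
        print(f"{builder.__name__:20s} reflected={reflects_unescaped(PROBE_HOST, page)}  {page}")
```

Running the block prints the unsafe page byte-for-byte as the report's last line, with the reflection check flagging it, and both hardened builders passing. The `reflects_unescaped` check is the same test the scanner effectively performed, so it is a reasonable regression assertion to keep once the application is fixed; the allow-list also closes the related problem of an attacker-supplied Host header being trusted for anything else the server derives from it.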