[SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability

From: Tamer Sahin (ts@SECURITYOFFICE.NET)
Date: 03/17/03

    Date:         Mon, 17 Mar 2003 16:21:30 +0200
    From: Tamer Sahin <ts@SECURITYOFFICE.NET>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: MD5

    - --[ Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability ]--

    - --[ Type

    Information Leakage

    - --[ Release Date

    March 17, 2003

    - --[ Product / Vendor

    NetCharts XBRL Server 4.0 is a data visualization service that generates
    charts and graphs, tables, and reports. It can be used alone or in
    conjunction with any web infrastructure, from the simplest CGI scripts
    to the most sophisticated Enterprise Application Server.

    Any data source—
       - Oracle
       - Sybase
       - Any JDBC
       - Any ODBC: Excel, Access, SQL Server
       - Legacy systems
       - XBRL
       - XML
       - …and others

    Anyhow, anywhere—
       - TIFF, BMP, JPEG
       - Java Applets
       - Flash, PDF, HTML pages
       - J2EE
       - COM / ASP / .NET
       - Cold Fusion
       - …and more

    http://www.visualmining.com

    - --[ Summary

    A client can connect to the server and deliver several requests whose
    bodies are not valid chunked encoding (the request below declares
    Transfer-Encoding: chunked and sends only a chunk-size line, with no chunk
    data and no terminating zero-length chunk). The server does not reject
    such a body, and from that point responses no longer line up with the
    requests that produced them.

    The potential for information leakage is great, but the risk is mitigated
    somewhat by the unpredictability of the request/response desynchronisation.
    Depending on the target site, a malicious user may be able to exploit this
    to redirect other users to a specific response by saturating the
    communication channels with a desired response.

    ==================== SNIP ====================

    GET /index.jsp HTTP/1.1
    Host: victim.com
    Transfer-Encoding: Chunked

    53636f7474

    ==================== SNIP ====================
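    As an added example, not part of the advisory or of the vendor's code, the
    request above is reconstructed as raw bytes next to a strict chunked-body
    decoder of the kind a server needs in order to avoid this class of
    desynchronisation. The body line 53636f7474 is a chunk-size line declaring
    a 0x53636f7474-byte chunk, followed by neither chunk data nor a terminating
    0 chunk; a parser that does not reject it outright cannot know where the
    next request on the connection begins. The 1 MiB per-chunk limit and the
    sixteen-hex-digit cap on the size line are assumptions of this example,
    not values taken from the advisory or the product.

```python
import re

# The advisory's request, reconstructed here with CRLF line endings (the
# archive copy shows it as plain text). The body is one chunk-size line,
# 0x53636f7474, with no chunk data and no terminating 0 chunk.
PROBE = (
    b"GET /index.jsp HTTP/1.1\r\n"
    b"Host: victim.com\r\n"
    b"Transfer-Encoding: Chunked\r\n"
    b"\r\n"
    b"53636f7474\r\n"
)

# Assumed policy for the strict decoder (not from the advisory): no single
# chunk above 1 MiB and no chunk-size line longer than 16 hex digits.
MAX_CHUNK = 1 << 20
_SIZE_LINE = re.compile(rb"^([0-9A-Fa-f]{1,16})(?:;[^\r\n]*)?$")


class ChunkError(ValueError):
    """Malformed chunked body; the only safe reaction is 400 and close."""


def decode_chunked(data, max_chunk=MAX_CHUNK):
    """Decode an RFC 2616 chunked body from `data`.

    Returns (body, leftover); leftover is what follows the last chunk and its
    trailer, i.e. the start of the next pipelined request. Raises ChunkError
    on an invalid or oversized chunk-size line, a truncated chunk or a missing
    CRLF, so the caller never guesses where the next request begins.
    """
    body = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkError("truncated chunk-size line")
        m = _SIZE_LINE.match(data[pos:eol])
        if not m:
            raise ChunkError("invalid chunk-size line %r" % data[pos:eol][:40])
        size = int(m.group(1), 16)
        if size > max_chunk:
            raise ChunkError("chunk size 0x%x exceeds limit 0x%x" % (size, max_chunk))
        pos = eol + 2
        if size == 0:
            while True:  # skip trailer headers up to the empty line
                eol = data.find(b"\r\n", pos)
                if eol < 0:
                    raise ChunkError("truncated trailer")
                line, pos = data[pos:eol], eol + 2
                if not line:
                    return bytes(body), data[pos:]
        if len(data) - pos < size + 2:
            raise ChunkError("chunk data truncated: declared %d bytes" % size)
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkError("missing CRLF after chunk data")
        body += data[pos:pos + size]
        pos += size + 2


def parse_requests(stream, max_chunk=MAX_CHUNK):
    """Split a pipelined byte stream into requests the way a strict server should.

    Each entry is {"request": <request line>, "body": bytes}; the first
    malformed request yields {"request": ..., "error": str} and parsing stops,
    because the server would answer 400 and close the connection rather than
    continue from an unknown offset.
    """
    out = []
    while stream:
        head_end = stream.find(b"\r\n\r\n")
        if head_end < 0:
            first = stream.split(b"\r\n")[0].decode("latin-1")
            out.append({"request": first, "error": "incomplete headers"})
            break
        head, rest = stream[:head_end], stream[head_end + 4:]
        lines = head.split(b"\r\n")
        request_line = lines[0].decode("latin-1")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        try:
            if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
                body, stream = decode_chunked(rest, max_chunk)
            else:
                n = int(headers.get(b"content-length", b"0"))
                if len(rest) < n:
                    raise ChunkError("body truncated: Content-Length %d" % n)
                body, stream = rest[:n], rest[n:]
        except ValueError as exc:  # ChunkError or a non-numeric Content-Length
            out.append({"request": request_line, "error": str(exc)})
            break
        out.append({"request": request_line, "body": body})
    return out
```

    Run against PROBE followed by a second pipelined request, parse_requests
    returns one entry carrying the "exceeds limit" error and never looks at the
    second request, which is the behaviour to check for on a server suspected of
    this problem. To reproduce the advisory's condition on a test host, write
    PROBE to a plain TCP socket (socket.create_connection) several times and
    compare the responses with those of a clean connection.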

    Related:
    Recently disclosed advisory:
    http://online.securityfocus.com/bid/6320

    - --[ Tested

    Netcharts XBRL Server v4.0.0 for Windows 2000

    - --[ Vulnerable

    Netcharts XBRL Server v4.0.0 for Windows 2000

    - --[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or illegal
    use of any of the information and/or the software listed on this security advisory.

    - --[ Author

    Tamer Sahin
    ts@securityoffice.net
    http://www.securityoffice.net

    All our advisories can be viewed at http://www.securityoffice.net/articles/

    Please send suggestions, updates, and comments to feedback@securityoffice.net

    (c) 2002 SecurityOffice

    This Security Advisory may be reproduced and distributed, provided that this
    Security Advisory is not modified in any way and is attributed to SecurityOffice
    and provided that such reproduction and distribution is performed for non-commercial
    purposes.

    Tamer Sahin
    http://www.securityoffice.net

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6

    iQEVAwUAPnXZ7fpL5ibJRTtBAQGumAf/YNAO3WXNX9AjEGQWhbzv30i7OrvWYn7x
    k1WQr799SGi+phM5GIhshP8zuLsQ0p6FyP1ICtJquYNdQU0FDre5j/if7iuzj5vx
    H7YBqUduH8GK3bxqgY/DHtbxm5KWwNplT3V09DWgbKU/bkowHFQ0PCiQGI+YQKe9
    QB4teHr681wj5s1LsHxljbEvzeMt70RAcC2B7ja2wCvdIFPxAZ2luaK9hC8b8gN5
    llI42aHL9Yr1q9K9REhqjOneRf5inMEXPBfdsv4d6MJKG2Obe2YPTwwqMtVZ1+3F
    92ChyEKEylnenyTpaVEijwsyrItKBL0JYO7VlH42vHV4uH2HzIxbbA==
    =Y2pr
    -----END PGP SIGNATURE-----

