[UNIX]Cross-Site Scripting Filter Evasion in Various Frameworks / Applications
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 4 Oct 2008 18:20:06 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Cross-Site Scripting Filter Evasion in Various Frameworks / Applications
------------------------------------------------------------------------
SUMMARY
The Horde project relies on code similar to Popoon's externalinput.php to
filter potential XSS attacks out of user-supplied input. Other projects
use the same code base, so this vulnerability also affects the popular
Cake-PHP framework. Hence all users who rely on the externalinput
sanitization functionality are affected by this vulnerability, as are
many other unrelated open source projects.
DETAILS
Vulnerable Systems:
* Horde version 3.1 and newer
* Horde version 3.2.1 and prior
* Popoon/Flux-CMS version r22196 and prior
* Cake-PHP version 1.2.x.x_18.08.2008 (nightly) and prior
* phpMyFAQ version 2.5.0-dev (2008-08-18) and prior
* deluxeBB version 1.2 and prior
* emucms version 0.3 and prior
* SimpleSite version 1.6.4 and prior
* RevokeBB version 1.0RC11_normal and prior
* TPLN version 2.9 and prior
* Logicoder version r27 and prior
* phour version r106 and prior
* MDPro version 1.0821 and prior
* noserub version r784/0.6 and prior
The XSS filter fails to fully sanitize the user data. In particular, the
filter fails to handle a special character that both Microsoft Internet
Explorer and Mozilla Firefox interpret as a valid space character.
Impact:
This allows an attacker to bypass the filter and carry out Cross-Site
Scripting.
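The defect described above is a blacklist filter whose notion of whitespace is narrower than the browser's. The following is an added example, not code from Horde, Popoon or Cake-PHP, of the defensive alternative: canonicalise the scheme by dropping every Unicode control and separator code point, then allow-list the schemes that may appear in a link attribute. The allowed-scheme set, the assumption that HTML entities were decoded beforehand, and the control character used in the comments are constructed for illustration; the advisory itself does not name the character involved.

```python
import re
import unicodedata

# Constructed allow-list; adjust to what the application actually needs.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "mailto"})

# Scheme syntax per RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
_SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def canonical_scheme(url: str) -> str:
    """Return the scheme a browser would act on, or "" for a relative URL.

    Browsers tolerate control and whitespace characters around and inside
    the scheme that a plain \\s-based regex may not recognise. Rather than
    enumerating such characters, every code point in the Unicode Control
    (Cc, Cf, Co, Cs, Cn) and Separator (Zs, Zl, Zp) categories is removed
    before the scheme is read, so the check only ever errs towards
    rejection. Assumption: the caller has already decoded HTML entities.
    """
    cleaned = "".join(
        ch for ch in url if unicodedata.category(ch)[0] not in ("C", "Z")
    )
    match = _SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else ""


def is_allowed_url(url: str) -> bool:
    """Accept relative URLs and allow-listed absolute schemes only.

    Because the decision is made on the canonical scheme, a value such as
    "java<control char>script:..." is seen as "javascript" and rejected,
    and any scheme the filter author never thought of is rejected too.
    """
    scheme = canonical_scheme(url)
    return scheme == "" or scheme in ALLOWED_SCHEMES
```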
Solution:
For detailed information about the fixes, see the oCert advisory at
<http://www.ocert.org/advisories/ocert-2008-012.html>.
Vendor communication:
2008/07/25 - Bug found and PoC preparation
2008/07/26 - Vulnerability report submitted via oCert online-form
2008/08/05 - oCert confirmed the submission. oCert starts the coordination
of affected authors/vendors
2008/09/06 - oCert informs all parties about the advisory release date
2008/09/11 - n.runs AG releases this advisory in coordination with oCert
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3824>
CVE-2008-3824
ADDITIONAL INFORMATION
The information has been provided by n.runs AG <mailto:security@xxxxxxxxx>.