Netscape Enterprise Server Manager Input Validation Flaw Lets Remote Users Execute Application Commands
SecurityTracker Alert ID: 1005755
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 4 2002
Impact: User access via network
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 4.1 SP10
Description: An input validation vulnerability was reported in the log viewer of the Netscape Enterprise Server Manager. A remote user could cause arbitrary JavaScript-based server commands to be executed.
ProCheckUp reported that the Server Manager's log viewer does not properly filter user-supplied text when displaying the log files. A remote user can send a specially crafted HTTP request containing malicious JavaScript code, which the server writes to the log file. When the administrator later uses the Server Manager log viewer to view that log file, the remote user's JavaScript is executed. Because the Server Manager is JavaScript-based and because the administrator must be authenticated to view the log file, the code can take any action on the Server Manager, acting as the administrator. According to the report, this allows the remote user to take control over a server.
Netscape 6 SP3 and above and Netscape 4.1 SP12 are reportedly not affected.
Some demonstration exploit examples are provided in the ProCheckUp advisory at:
http://www.procheckup.com/security_info/vuln_pr0215.html
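The output-encoding defense against the log viewer flaw described above, as an added example that is not from the ProCheckUp advisory or the vendor: a hypothetical log viewer renders constructed access-log lines with and without HTML encoding, and a triage helper flags lines that contain markup characters. All function names and the sample log lines are assumptions made for illustration.

```javascript
// Added example: a hypothetical log viewer, not Netscape Server Manager code.
// Constructed access-log lines; the second carries markup in the request
// line, the kind of entry the advisory says ends up in the log file.
const SAMPLE_LOG = [
  '192.0.2.10 - - [04/Dec/2002:15:40:01 -0500] "GET /index.html HTTP/1.0" 200 2326',
  '192.0.2.77 - - [04/Dec/2002:15:41:12 -0500] "GET /<script>alert(1)</script> HTTP/1.0" 404 207',
];

// Vulnerable pattern: log text is concatenated into the page as-is, so any
// markup in it is parsed by the administrator's browser.
function renderLogUnsafe(lines) {
  return '<pre>' + lines.join('\n') + '</pre>';
}

// Encode the five characters that can change the HTML parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: every log line is treated as data and encoded on output.
function renderLogSafe(lines) {
  return '<pre>' + lines.map(escapeHtml).join('\n') + '</pre>';
}

// Triage helper: return 1-based numbers of lines containing angle brackets,
// raw or percent-encoded, so they can be reviewed outside a browser.
function flagMarkupLines(lines) {
  const markup = /[<>]|%3c|%3e/i;
  return lines.reduce(
    (hits, line, i) => (markup.test(line) ? hits.concat(i + 1) : hits),
    []
  );
}

console.log(renderLogSafe(SAMPLE_LOG));
console.log('lines needing review:', flagMarkupLines(SAMPLE_LOG));
```

Encoding at render time protects the viewer regardless of what was written to the log earlier; the triage helper only points an analyst at entries worth reading in a plain-text tool.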
Impact: A remote user can cause arbitrary Server Manager commands to be executed when an administrator uses the log viewer to display the log files.
Solution: No solution was available at the time of this entry. Sun is reportedly working on a fix for inclusion in SP12.
Vendor URL: www.netscape.com/
Cause: Input validation error
Underlying OS: UNIX (Solaris - SunOS), Windows (NT)
Message History:
None.
Source Message Contents
Date: Wed, 04 Dec 2002 15:57:01 -0500
Subject: Netscape Enterprise Server Manager
http://www.procheckup.com/security_info/vuln_pr0215.html
ProCheckUp issued a security bulletin warning of an input validation vulnerability in the
Netscape Enterprise Server Manager, affecting Windows NT and Sun Solaris platforms.
Version 4.1 SP10 was tested.
It is reported that the Server Manager's log viewer does not properly filter user-supplied
text from the log files when viewing the log files. A remote user could make a specially
crafted HTTP request containing malicious JavaScript code. The request will be logged to
the log file. Then, when the administrator uses the Server Manager log viewer to view the
log file, the remote user's JavaScript will be executed. The code can take any actions on
the Server Manager acting as the administrator. According to the report, this allows the
remote user to take control over a server.
According to the report, Sun is working on a fix for inclusion in SP12. Netscape 6 SP3
and above and also Netscape 4.1 SP12 are reportedly not affected.