W3C Jigsaw Server Input Validation Hole Lets Remote Users Conduct Cross-site Scripting Attacks
|
|
SecurityTracker Alert ID: 1005090 |
|
SecurityTracker URL: http://securitytracker.com/id/1005090
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 21 2002
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 2.2.0
|
Description:
An input validation vulnerability was reported in the W3C Jigsaw proxy server. A remote user can conduct cross-site scripting attacks against Jigsaw users.
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the proxy server and will run in the security context of that site. The code may be able to access the target user's cookies (including authentication cookies), if any, associated with the proxy server, access data recently submitted by the target user via web form to the proxy server, or take actions acting as the target user.
A demonstration exploit URL is provided:
http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>
|
Impact:
A remote user may be able to access the target user's cookies (including authentication cookies), if any, associated with the proxy server, access data recently submitted by the target user via web form to the proxy server, or take actions on the proxy server acting as the target user.
|
Solution:
The vendor released a fixed version (2.2.1), available at:
http://www.w3.org/Jigsaw/#Getting
|
Vendor URL: www.w3.org/Jigsaw/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 18 Aug 2002 04:10:45 +0900
Subject: W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
|
W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability
===========================================================
Affected:
Jigsaw 2.2.0 and earlier
http://www.w3.org/Jigsaw/RelNotes.html#2.2.0
Fixed:
Jigsaw 2.2.1
http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
Exploit:
http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT>
========================================================
An HTTP error occured while getting: <p>
<strong>http://nonexistenthost.google.com/<SCRIPT>document.write(document.cookie)</SCRIPT></strong><p>
Details "The host name [nonexistenthost.google.com] couldn't be resolved.
Details: "nonexistenthost.google.com"".<hr>Generated by
<i>http://.............:8001/
..snip...
========================================================
Similar problems have been found in Proxomitron Naoko-4 BetaFour,
Microsoft ISA Server and Squid 2.4 DEVEL4.
<http://www.securityfocus.com/bid/3087>
<http://www.microsoft.com/technet/security/bulletin/MS01-045.asp>
<http://www.securityfocus.com/archive/1/197606>
Vendor Status:
Aug 10, 2001: Notified
Jan 4, 2002: Responded
Apr 8, 2002: Fix released
Best regards,
--
Hiromitsu Takagi
http://staff.aist.go.jp/takagi.hiromitsu/
|
|
