(Sun Issues Fix) Re: iPlanet Web Server Log Analyzer Input Filtering Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Administrators
|
SecurityTracker Alert ID: 1008210
|
SecurityTracker URL: http://securitytracker.com/id/1008210
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Nov 17 2003
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes
|
Vendor Confirmed: Yes
|
Version(s): 6.0 Service Pack 5 and prior; 4.1 Service Pack 12 and prior
|
Description:
An input validation vulnerability was reported in the Log Analyzer of the iPlanet Web Server. A remote user can cause arbitrary scripting code to be executed by a target administrator when the target administrator views a log file.
In March 2003, Infohacking Research reported that a remote user can set a malicious hostname containing HTML scripting code in the domain name system (DNS) and then make an HTTP request to a target server. If the target iPlanet Web Server is configured to perform inverse hostname lookups, the user-supplied HTML scripting code may be recorded in the web server log file.
When a target administrator runs the Log Analyzer to view the affected log entry, arbitrary scripting code will be executed by the target administrator's browser. The code will originate from the Log Analyzer application and will run in the security context of that application. As a result, the code will be able to access the target administrator's cookies (including authentication cookies), if any, associated with the security zone that the application runs in, access data recently submitted by the target administrator via web form to the application, or take actions on the application acting as the target administrator.
Some demonstration exploit hostnames are provided:
<script>alert( a )</script>
<script>alert( a )</script>.infohacking.com
Some images showing the effects of a demonstration exploit are available at:
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/ILLC/cap-report-html.gif
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/ILLC/cap-report-text.gif
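A defensive sketch of the two checks that address the flaw described above, added here as an example (it is not Sun's fix and not code from the advisory): a name returned by the reverse lookup is written to the log only if it is a syntactically legal hostname, and log-derived values are HTML-escaped when a report is rendered. The function names, the report row layout and the sample addresses are assumptions constructed for illustration.

```python
import html
import re
from typing import Optional

# RFC 952/1123 hostname syntax: dot-separated labels of letters, digits and
# hyphens, 1-63 characters each, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_hostname(name: str) -> bool:
    """True only if a reverse-lookup result is a syntactically legal hostname."""
    name = name[:-1] if name.endswith(".") else name  # allow one trailing dot
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def client_field(ip: str, ptr_name: Optional[str]) -> str:
    """Value for the log's client column: the resolved name if it is well
    formed, otherwise the IP address the connection came from."""
    if ptr_name is not None and is_valid_hostname(ptr_name):
        return ptr_name
    return ip

def render_report_row(client: str, hits: int) -> str:
    """One HTML report row; the log-derived client value is escaped on output,
    so entries written before the input check existed are also neutralised."""
    return f"<tr><td>{html.escape(client, quote=True)}</td><td>{hits}</td></tr>"

# Constructed sample data: (client IP, name returned by the reverse lookup).
# The second name is one of the demonstration hostnames quoted above.
SAMPLE_LOOKUPS = [
    ("192.0.2.10", "www.example.org"),
    ("192.0.2.66", "<script>alert( a )</script>.infohacking.com"),
    ("192.0.2.77", None),  # no PTR record
]

def build_report(lookups):
    """Apply the input check, then render each entry as an escaped row."""
    return [render_report_row(client_field(ip, name), 1) for ip, name in lookups]

if __name__ == "__main__":
    for row in build_report(SAMPLE_LOOKUPS):
        print(row)
```

Escaping at render time matters independently of the input check, because log files written by an unpatched server may already contain hostile entries.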
|
Impact:
A remote user can access the target administrator's cookies (including authentication cookies), if any, associated with the security zone that the iPlanet administrative interface runs in, access data recently submitted by the target administrator via web form to the application, or take actions on the application acting as the target administrator.
|
Solution:
Sun has issued the following fixes.
Sun ONE/iPlanet Web Server 6.0 Service Pack 6 or later, available at:
http://wwws.sun.com/software/download/products/3f186391.html
Sun ONE/iPlanet Web Server 4.1 Service Pack 13 or later, available at:
http://wwws.sun.com/software/download/products/3f8472da.html
|
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57418
|
Cause:
Input validation error
|
Underlying OS:
Linux (Red Hat Linux), Linux (Sun), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 17 Nov 2003 15:51:36 -0500
Subject: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57418
|
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57418
57418 Sun One Web Server Log Analyzer Vulnerability 14 Nov 2003
Sun reported that when the Sun ONE Web Server is configured to log client hostnames
instead of IP addresses, a remote user can embed malicious code into the log file.
The following versions are affected:
* Sun ONE/iPlanet Web Server 6.0 Service Pack 5 and earlier
* Sun ONE/iPlanet Web Server 4.1 Service Pack 12 and earlier
Sun has issued the following fixes:
* Sun ONE/iPlanet Web Server 6.0 Service Pack 6 or later
Available at: http://wwws.sun.com/software/download/products/3f186391.html
* Sun ONE/iPlanet Web Server 4.1 Service Pack 13 or later
Available at: http://wwws.sun.com/software/download/products/3f8472da.html
-----
* Sun Alert ID: 57418
* Synopsis: Sun One Web Server Log Analyzer Vulnerability
* Category: Security
* Product: Sun ONE Web Server
* BugIDs: 4855546
* Avoidance: Upgrade
* State: Resolved
* Date Released: 14-Nov-2003
* Date Closed: 14-Nov-2003
* Date Modified:
|