SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Plumtree Vendors:   Plumtree Software, Inc.
Plumtree Corporate Portal Allows Cross-Site Scripting Attacks, Letting Remote Users Steal Cookies
SecurityTracker Alert ID:  1003351
SecurityTracker URL:  http://securitytracker.com/id/1003351
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 24 2002
Impact:   Disclosure of user information, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5
Description:   A vulnerability was reported in Plumtree Corporate Portal. A remote user can conduct a cross-site scripting attack against the server and may be able to steal another user's cookies.

It is reported that a remote user can craft a web page (or HTML-based e-mail) that includes malicious javascript that, when executed by another user, will access the other user's cookies associated with the web site running the Plumtree portal.

Errors are displayed via the error.asp script. The second paramater to that script is apparently a textual description of the error message that will be displayed by the server. This parameter is apparently not filtered.

Impact:   A remote user may be able to steal another user's cookies associated with the web site running the Plumtree portal.
Solution:   The vendor has issued a knowledge base article with information and a fix. The fix will reportedly be included within Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6. For the knowledge base article, see supportnet article number #11012 at:

http://www.plumtree.com/company/technical_support.htm

Vendor URL:  www.plumtree.com (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Plumtree Corporate Portal Cross-Site Scripting (Patch Available)


Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
----------------------------------------------------------------

SYNOPSIS

Plumtree (www.plumtree.com) Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5 should be modified to remediate potential
 cross-site scripting attacks directed against existing Corporate Portal installations.

IMPACT

If the appropriate patch/remediation from Plumtree is not applied, a malicious user may craft a link containing rogue JavaScript,
 which could potentially lead to disclosure of state-maintenance or other critical data.  Further information on cross-site scripting
 may be found in CERT advisory CA-2000-01 (http://www.cert.org/advisories/CA-2000-02.html).

CAUSE

Plumtree Corporate Portal supplies an error information page named error.asp, which by default is accessed through URI=http://<PORTALSITE>/<PORTALNAME>/common/error.asp.
  The second parameter supplied to error.asp is a textual description of the error message that will be shown in the resulting error
 web page.  This textual parameter may be modified to include rogue script on affected installations.

STATUS

Plumtree has been notified and has issued a knowledge base article with information and a fix.  Plumtree will incorporate the fix
 into Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6.  Plumtree supportnet article number is #11012 and may be accessed
 from the supportnet community on the Plumtree website.  The Plumtree supportnet community is available via: http://www.plumtree.com/company/technical_support.htm

ACKNOWLEDGEMENTS

Affected Plumtree Corporate Portal version numbers are reproduced here from the Plumtree knowledge base article.  Thanks specifically
 to Andrew Morris and Philip Soffer (both Plumtree representatives) for their consistently prompt responses and thorough attention
 to this matter.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC