SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE Systems Insight Manager Vendors:   HPE
Compaq Insight Manager Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1005347
SecurityTracker URL:  http://securitytracker.com/id/1005347
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 3 2002
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): 4.2, 4.37
Description:   An input validation flaw was reported in Compaq's Insight Manager. A remote user can conduct cross-site scripting attacks against Insight Manager users.

It is reported that the web daemon does not filter user-supplied HTML tags when displaying an error message in response to a request for a non-existing file.

A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from Insight Manager and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://<Server IP>:2301/<script>alert('Test')</script>

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Insight Manager host, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  XSS bug in Compaq Insight Manager Http server


Advisory name: XSS bug in Compaq Insight Manager Http server
Application: Compaq Insight Manager Http server
Date: 01.10.2002
Impact: XSS code execution

[DESCRIPTION]
XSS bug in Compaq Insight Manager Http server

[ISSUE]
The Compaq Insight Manager Http server is vulnerable to the Cross Site 
Scripting (XSS) vulnerability.  This vulnerability is caused by the 
results returned to a user when a non-existing file is requested.  The 
vulnerability would allow an attacker to make the server present another 
user with malicious JavaScript/HTML code that is interpreted and 
executed without the users knowledge (e.g. the result contains the 
JavaScript provided in the request).  This vulnerability was identified 
with a popular open-source vulnerability assessment tool and confirmed 
using the following XSS test.

[XSS TEST]
http://<Server IP>:2301/<script>alert('Test')</script>

[VERSIONS TESTED]
CompaqHTTPServer/4.2
CompaqHTTPServer/4.37

[SUPPORTING INFO]
http://www.cert.org/advisories/CA-2000-02.html

[VENDOR RESPONSE]
There is a 3rd party software tool that can be used for security 
assessments that flags any web server as potentially having this 
problem. Our web servers do not, to our knowledge, have this 
vulnerability. We have investigated it but it is a non-issue for us. 
This issue is just a 'potential vulnerability' rather than a 'for sure' 
problem. In other words, the tool is guessing that all web servers can 
have this problem.

Thank You,
HP E-Services




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC