SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetCharts Server Vendors:   Visual Mining, Inc.
NetCharts Server Chunked-Encoding Flaw May Disclose Information to Remote Users
SecurityTracker Alert ID:  1006119
SecurityTracker URL:  http://securitytracker.com/id/1006119
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 17 2003
Impact:   Disclosure of user information
Exploit Included:  Yes  
Version(s): 4.0.0
Description:   An information disclosure vulnerability was reported in Visual Mining's NetCharts Server. The server may leak information to remote users.

A remote user can reportedly connect to the target server and supply several requests with an invalid chunked encoded body. This can reportedly cause the server to disclose unintended data.

According to the report, on some sites, this may be exploited to redirect victim users to a specific response by saturating the communcation channels with a desired response.

A demonstration exploit is provided:

GET /index.jsp HTTP/1.1
Host: [target]
Transfer-Encoding: Chunked

53636f7474

Impact:   A remote user may be able to view unintended data from the server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  chartworks.com/products/server-new.html (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)
Underlying OS Comments:  Tested only on Windows 2000

Message History:   None.


 Source Message Contents

Subject:  [VulnWatch] [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability ]--

- --[ Type

Information Leakage

- --[ Release Date

March 17, 2003

- --[ Product / Vendor

NetCharts XBRL Server 4.0 is a data visualization service that generates
charts and graphs, tables, and reports. It can be used alone or

in conjunction with any web infrastructure from the simplest CGI scripts
to the most sophisticated Enterprise Application Server.


   - Oracle
   - Sybase
   - Any JDBC
   - Any ODBC: Excel, Access, SQL Server
   - Legacy systems
   - XBRL
   - XML

   - TIFF, BMP, JPEG
   - Java Applets
   - Flash, PDF, HTML pages
   - J2EE
   - COM / ASP / .NET
   - Cold Fusion

http://www.visualmining.com

- --[ Summary

A client may connect to the target machine and deliver several requests
with an invalid chunked encoded body.

The potential for information leakage is great but the risk is mitigated
somewhat by the unpredictability of the query-response
desynchronisation. Depending on the target site this may be somewhat
exploitable by a malicious user to redirect other users to a

specific response by saturating the communcation channels with a desired
response.

==================== SNIP ====================

GET /index.jsp HTTP/1.1
Host: victim.com
Transfer-Encoding: Chunked

53636f7474

==================== SNIP ====================

Related:
Recently disclosured advisory:
http://online.securityfocus.com/bid/6320

- --[ Tested

Netcharts XBRL Server v4.0.0 for Windows 2000

- --[ Vulnerable

Netcharts XBRL Server v4.0.0 for Windows 2000

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal
use of any of the information and/or the software listed on this

security advisory.

- --[ Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this
Security Advisory is not modified in any way and is

attributed to SecurityOffice and provided that such reproduction and distribution
is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPnXZSPpL5ibJRTtBAQEZ7gf9F34K1r6DQAGMMzWgAdwkbztGAO6XagFR
W3RzZrZMaoaoGmWKdWqYKnZhILn4Er0//TzMz4XJTsInibdXbgFDf2mE5PEnYOmD
86A7erap/TqZZ6nPxbETNYNfMqU7CgsY4W8ZwyFersGQZ4AOaYvAQUVlhVcONd4y
NEPYcOFLfjj8IALkI4il6Cpa5gb8VtMsNFPe3Qll7GlYXGI41C/T5yt804B/5nwP
nxdGmQZMgZcHwBSBJiAF5/OGQhHpTjThpFVzYO5PVK9Z8j9DrS4sq1New1ny2gV+
Annwxd/t2KM0BKJhq7kImqopke0FZT/o2d7bWuDrD1OKens7TQZvpA==
=470C
-----END PGP SIGNATURE-----





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC