SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   IBM Security AppScan Vendors:   Sanctum
Sanctum AppScan Audit Edition May Not Detect Certain Javascript URLs
SecurityTracker Alert ID:  1007792
SecurityTracker URL:  http://securitytracker.com/id/1007792
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 23 2003
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4.0 Audit Edition
Description:   A vulnerability was reported in AppScan Audit Edition. A remote user can create HTML containing malicious links that will not be detected and tested by the application.

Packetstorm posted a report credited to Rafael San Miguel Carrasco indicating that there is a weakness in the AppScan "Explore stage" when configured for "Automatic Scan". When HTML code uses a wrapper function within an "A HREF" tag to reference a URL, the application will reportedly fail to detect and test the URL.

A demonstration exploit is provided:

<script>
function openBrWindow(theURL,winName,features)
{ window.open(theURL,winName,features); }
</script>

<a href="#" onClick="openWindow('bla.html','','');">
<img src="bla.jpg"></a>

The vendor has reportedly been notified.

Impact:   A remote user can create HTML with malicious links that will not be tested by AppScan.
Solution:   No solution was available at the time of this entry. According to the report, the vendor provided the following workaround:

"We are aware of this limitation and in case of extensive usage of Java Script we recommend the user to choose "Interactive" Scan Type and explore the site manually. If you do so, just like a normal user will explore your site, AppScan will test the encapsulated links."

Vendor URL:  www.sanctuminc.com/solutions/appscanaud/index.html (Links to External Site)
Cause:   State error
Underlying OS:  Windows (2000)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC