SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Sophos Anti-Virus Vendors:   Sophos
Sophos Anti-Virus Input Validation Flaw in Configuration Console Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1030467
SecurityTracker URL:  http://securitytracker.com/id/1030467
CVE Reference:   CVE-2014-2385   (Links to External Site)
Updated:  Jul 5 2014
Original Entry Date:  Jun 25 2014
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 9.5.1
Description:   A vulnerability was reported in the Sophos Anti-Virus Configuration Console. A remote user can conduct cross-site scripting attacks.

Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Sophos Anti-Virus configuration console software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vendor was notified on February 14, 2014.

The original advisory is available at:

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/

Pablo Catalina reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Sophos Anti-Virus configuration console software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (9.6.1).

The vendor's advisory is available at:

http://www.sophos.com/en-us/support/knowledgebase/121135.aspx

Vendor URL:  www.sophos.com/en-us/support/knowledgebase/121135.aspx (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents

Subject:  CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)

Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus
Configuration Console (Linux)
CVE: CVE-2014-2385
Vendor: Sophos
Product: Antivirus
Affected version: 9.5.1
Fixed version: 9.6.1
Reported by: Pablo Catalina

Details:

The Configuration Console of Sophos Antivirus 9.5.1 (Linux) does not
sanitize several input parameters before sending them back to the
browser, so an attacker could inject code inside these parameters,
including JavaScript code. The following URLs and parameters are affected:

http://localhost:8081/exclusion/configure
newListList:ExcludeFileOnExpression
newListList:ExcludeFilesystems
newListList:ExcludeMountPaths
http://localhost:8081/notification/configure
text:EmailServer
newListList:Email

    
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/


Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC