HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Overview

HP’s Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 (and possibly other versions) contain a file import facility which is vulnerable to cross-site scripting (XSS).

Description

The supplied facility for importing host data from a file (System Admin Tab | Network | Hosts | Import from Local File) to the HP Arcsight Connector or HP Arcsight Logger appliances fail to sanitize input for cross-site scripting attacks. An attacker with write access to the file that will be imported can add javascript code into the file. This code will be run in the security context of the appliance administrative web GUI when the file is imported.

---

Impact

A remote attacker may, by luring a user into importing a malicious host file, be able to disclose sensitive information, steal user cookies, or escalate privileges.

---

Solution

Update

The vendor’s HPSBMU02836 SSRT101056 security advisory states: HP has provided HP ArcSight Connector Appliance v6.4 and HP ArcSight Logger v5.3 to resolve these issues. Please contact HP support to receive updates.

---

Do not import host file from untrusted sources

Attackers must deliver a malicious host file to, or modify an existing file on, a vulnerable system in order to take advantage of this vulnerability. By only accessing host files, which cannot be modified by unprivileged users, from known and trusted sources the chances of exploitation are reduced.

---

Vendor Information

960468

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Hewlett-Packard Company Affected

Notified: May 02, 2012 Updated: February 15, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03606700&gt;

CVSS Metrics

Group	Score	Vector
Base	1.7	AV:L/AC:L/Au:S/C:N/I:P/A:N
Temporal	1.3	E:U/RL:U/RC:UC
Environmental	0.5	CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

• <http://www.arcsight.com/products/products-logger/&gt;
• <http://www.arcsight.com/products/products-connectors/&gt;
• <https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03606700&gt;

Acknowledgements

Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:	CVE-2012-2960
Date Public:	2012-08-06 Date First Published: