Novell GroupWise WebAccess E-Mail IMG SRC XSS

2005-07-15T04:27:31
ID OSVDB:18064
Type osvdb
Reporter Francisco Amato(famato@infobyte.com.ar)
Modified 2005-07-15T04:27:31

Description

Vulnerability Description

Novell GroupWise WebAccess contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate e-mail message content before including it in dynamically generated web content. A remote user could send a specially crafted e-mail that executes arbitrary script code in the recipient's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 6.5 (dated after 11/7/2005) or to 6.5 SP5 or higher, as these have been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Manual Testing Notes

Send an e-mail containing the following HTML: <IMG SRC="j&#X41vascript:alert(document.cookie)">
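
As an added example (not from the advisory or from Novell), the Python below shows why a substring check for "javascript:" on raw markup misses the entity-encoded SRC from the testing notes, and how decoding entities and allowlisting the decoded URL scheme catches it; the regex, sample strings and allowed-scheme set are assumptions.

```python
"""Entity-obfuscated javascript: scheme in IMG SRC: naive check vs. decoded allowlist check."""
import html
import re
from urllib.parse import urlsplit

# Constructed samples: the payload quoted in the advisory, its plain form, and a benign image.
SAMPLES = {
    "encoded_payload": '<IMG SRC="j&#X41vascript:alert(document.cookie)">',
    "plain_payload": '<IMG SRC="javascript:alert(document.cookie)">',
    "benign": '<IMG SRC="https://example.invalid/logo.png">',
}

# Assumed allowlist: schemes a webmail client has a reason to render inside <img>.
ALLOWED_SCHEMES = {"http", "https", "cid"}

# Assumed extractor for the SRC attribute of <img> tags (case-insensitive).
SRC_RE = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']([^"\']*)["\']', re.I)


def naive_is_safe(markup: str) -> bool:
    """Blocklist on the raw markup: the &#X41 entity hides the string it looks for."""
    return "javascript:" not in markup.lower()


def normalised_scheme(src: str) -> str:
    """Decode HTML entities as a browser would, drop control/whitespace chars, return the scheme."""
    decoded = html.unescape(src)                       # "j&#X41vascript:" -> "jAvascript:"
    cleaned = "".join(ch for ch in decoded if ord(ch) > 0x20)
    return urlsplit(cleaned).scheme.lower()            # urlsplit lowercases the scheme


def src_is_safe(markup: str) -> bool:
    """Allowlist the decoded scheme of every IMG SRC; scheme-less (relative) URLs are accepted."""
    for src in SRC_RE.findall(markup):
        scheme = normalised_scheme(src)
        if scheme and scheme not in ALLOWED_SCHEMES:
            return False
    return True


if __name__ == "__main__":
    for name, markup in SAMPLES.items():
        print(f"{name:16s} naive={naive_is_safe(markup)} decoded={src_is_safe(markup)}")
```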

References:

Vendor Specific Advisory URL
Security Tracker: 1014515
Secunia Advisory ID: 16098
Other Advisory URL: http://www.infobyte.com.ar/adv/ISR-11.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0322.html
Keyword: TID10098301
ISS X-Force ID: 21421
CVE-2005-2276
Bugtraq ID: 14310