IBM Tivoli Directory Server ldacgi.exe XSS

2003-12-03T07:00:23
ID OSVDB:2895
Type osvdb
Reporter OSVDB
Modified 2003-12-03T07:00:23

Description

Vulnerability Description

IBM Tivoli Directory Server contains a flaw that allows a remote reflected cross site scripting (XSS) attack. The flaw exists because the Web Admin interface (ldacgi.exe) does not validate or HTML-encode query string parameters such as Action before echoing them back in its response. A remote attacker could craft a URL that, when opened by an authenticated administrator, executes arbitrary script in that user's browser in the origin of the Web Admin interface, within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to mitigate the flaw by implementing the following workaround(s): Filter malicious characters and character sequences (such as <, >, and quote characters in the Action parameter) in a proxy or firewall with URL filtering capabilities. Such a filter must inspect the URL-decoded request, since a browser or attacker will percent-encode the payload (%3Cscript%3E) and a filter matching only the literal string is bypassed; it is a mitigation, not a fix for the missing output encoding in ldacgi.exe itself.

Manual Testing Notes

Example: https://[victim]/ldap/cgi-bin/ldacgi.exe?Action=<script>alert(document.domain)</script>
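
The following Python script is an added example, not code from the original advisory or from IBM. It shows how a tester would check a host for this reflection with a harmless probe instead of a live alert(), how the manual test URL above must be percent-encoded on the wire, and what the fix looks like on the server side. The two *_render functions are constructed stand-ins for a CGI that echoes its Action parameter (the internals of the real ldacgi.exe are not described in the advisory); the host name ldap.example.test and the probe marker are assumptions.

```python
"""Reflected-XSS probe and fix illustration for a CGI that echoes a query parameter.

Added example; not IBM code. The two *_render handlers are constructed stand-ins
for how a CGI such as ldacgi.exe might reflect its Action parameter; the real
binary's behaviour is only known from the advisory's example URL.
"""
import html
import sys
import urllib.parse
import urllib.request

# Constructed probe marker: unique, harmless, and containing every character
# (<, >, ", ') whose unencoded reflection makes script injection possible.
PROBE = '<zq9x"\'>'


def vulnerable_render(action: str) -> str:
    """Constructed stand-in for the vulnerable behaviour: Action echoed raw into HTML."""
    return f"<html><body><h1>Unknown action: {action}</h1></body></html>"


def hardened_render(action: str) -> str:
    """Same page with the parameter HTML-entity encoded before it is reflected."""
    return f"<html><body><h1>Unknown action: {html.escape(action, quote=True)}</h1></body></html>"


def build_test_url(base: str, payload: str) -> str:
    """Build the ldacgi.exe test URL, percent-encoding the payload as a browser would."""
    query = urllib.parse.urlencode({"Action": payload})
    return f"{base.rstrip('/')}/ldap/cgi-bin/ldacgi.exe?{query}"


def reflected_unencoded(body: str, probe: str = PROBE) -> bool:
    """True if the probe appears in the response verbatim, metacharacters intact."""
    return probe in body


def probe_target(base: str, timeout: float = 10.0) -> bool:
    """Live check against a host you are authorised to test.

    Returns True when the probe comes back unencoded, i.e. the reflection is exploitable.
    The real interface normally requires a logged-in administrator, so pass the
    hostname of an instance you control.
    """
    url = build_test_url(base, PROBE)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "latin-1"
        body = resp.read().decode(charset, errors="replace")
    return reflected_unencoded(body)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        verdict = probe_target(sys.argv[1])
        print("reflected unencoded (vulnerable)" if verdict else "not reflected or encoded")
    else:
        # Offline demonstration on the constructed handlers.
        print(build_test_url("https://ldap.example.test", "<script>alert(document.domain)</script>"))
        print("vulnerable handler reflects probe:", reflected_unencoded(vulnerable_render(PROBE)))
        print("hardened handler reflects probe:  ", reflected_unencoded(hardened_render(PROBE)))
```

Run it with no arguments for the offline comparison, or with a base URL such as https://ldap.example.test to probe an instance you are authorised to test. The probe deliberately avoids the word "script" so that a proxy filter of the kind described in the workaround does not mask the underlying reflection; a response that echoes the marker with its angle brackets and quotes intact is vulnerable regardless of what the filter blocks.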

References:

Secunia Advisory ID: 10347
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0015.html
ISS X-Force ID: 13888
Generic Informational URL: http://www-306.ibm.com/software/tivoli/products/directory-server/