Nihuo Web Log Analyzer Multiple Header Fields XSS

2004-02-17T00:00:00
ID OSVDB:9099
Type osvdb
Reporter Audun Larsen (larsen@xqus.com)
Modified 2004-02-17T00:00:00

Description

Vulnerability Description

Nihuo Web Log Analyzer contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the HTTP User-Agent and Referer fields. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
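
An added illustration of the flaw class described above (not code from the advisory or from the vendor): a minimal log-report generator that parses access-log lines and HTML-encodes the Referer and User-Agent fields before writing them into the report, with the unencoded path kept behind `escape=False` for comparison. The Combined Log Format input, the function names and the sample lines are assumptions constructed for this example.

```python
import html
import re

# Assumed input: Combined Log Format
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2004:10:00:00 +0000] "GET / HTTP/1.0" 200 512 '
    '"http://example.com/" "Mozilla/4.0 (compatible)"',
    '192.0.2.66 - - [17/Feb/2004:10:00:05 +0000] "GET / HTTP/1.0" 200 512 '
    '"http://example.com/?q=<b>x</b>" "<script>alert(1)</script>"',
]

def parse(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def render_row(rec, escape=True):
    """Render one report row; escape=False reproduces the unsafe pattern."""
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    cells = (rec["host"], rec["referer"], rec["agent"])
    return "<tr>" + "".join(f"<td>{enc(c)}</td>" for c in cells) + "</tr>"

def suspicious(rec):
    """List the header fields that contain markup delimiters, for triage."""
    return [f for f in ("referer", "agent") if re.search(r"[<>]", rec[f])]

def build_report(lines, escape=True):
    """Build the HTML table from every line that parses."""
    rows = [render_row(r, escape) for r in map(parse, lines) if r]
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG))
    for line in SAMPLE_LOG:
        rec = parse(line)
        print(rec["host"], suspicious(rec))
```

Encoding at the point of output is what keeps the logged header values inert in the report; the `suspicious` check only helps an operator spot such entries in existing logs.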

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.loganalyzer.net/
Security Tracker: 1011010
Secunia Advisory ID: 12347
Mail List Post: http://lists.insecure.org/lists/bugtraq/2004/Aug/0282.html
ISS X-Force ID: 17055
CVE-2004-1729