Lucene search
SasquatchPACKETSTORM:77731HistoryMay 22, 2009 - 12:00 a.m.
Novell Groupwise Cross Site Scripting
2009-05-2200:00:00
sasquatch
packetstormsecurity.com
23
0.002 Low
EPSS
Percentile
58.3%
` Novell GroupWise Web Access Multiple XSS
/============================================\
/~ SecureState R&D Team - leroy and sasquatch ~\
/~ Discovered: 11-24-08, 03-05-09 ~\
\~ Vendor Notified: 01-06-09, 03-05-09 ~/
\~ Vendor Publication: 05-21-09 ~/
\============================================/
/------------------------------------------------------------------------------------------------\
/~ Novell's Groupwise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\
/~ ~\
< Example URL: https://www.website.com/gw/webacc >
\~ ~/
\~ An attempt to deter the attack is made in that <script> tags are replaced with <!-- pt> ~/
\------------------------------------------------------------------------------------------------/
|--------------------------------------------------------------|
| Vulnerable Fields: GWAP.version, User.Theme.index, User.lang |
| Vulnerable Versions: 7.0.1, 7.0.3, ? |
|--------------------------------------------------------------|
| Vulnerable Fields: User.Lang |
| Vulnerable Versions: 8.0, ? |
|--------------------------------------------------------------|
|------------------------------------------------------------------------------|
| Phishing via URL Redirection: |
| "/><meta http-equiv="refresh" content="0; url=http://www.securestate.com" /> |
|------------------------------------------------------------------------------|
| JavaScript Execution Proof of Concept: |
| " /><div onmouseover="alert('xss')" style="javascript:visibility:visible;"> |
|------------------------------------------------------------------------------|
|--------------------------------------------------------------------------------|
| Fix Info --> Technical Information Document 7003271 |
| |
| http://www.novell.com/support/search.do?usemicrosite=true&searchString=7003271 |
|--------------------------------------------------------------------------------|
| Version 7 --> 7.03 Hot Patch 2 |
| Fixes vulnerable fields: GWAP.version, User.Theme, but not User.lang |
|--------------------------------------------------------------------------------|
| Version 8 (CVE-2009-1635) |
|--------------------------------------------------------------------------------|
`
Related
securityvulns
securityvulns
Novell GroupWise Web Access Multiple XSS
2009-05-21 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-05-21 00:00:00
Novell Groupwise fails to properly sanitize emails.
2009-05-29 00:00:00
nessus
nessus
Novell GroupWise WebAccess Login Page User.lang Parameter XSS
2009-05-27 00:00:00
prion
prion
Cross site scripting
2009-05-22 16:48:00
cvelist
cvelist
CVE-2009-1635
2009-05-22 16:25:00
cve
cve
CVE-2009-1635
2009-05-22 16:48:00