Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-1320
HistoryApr 16, 2015 - 8:00 a.m.

SA94 : Malware Analysis Appliance Cross-site Scripting and Information Disclosure Vulnerabilities

2015-04-1608:00:00
Symantec Security Response
5

0.002 Low

EPSS

Percentile

59.1%

JSON

SUMMARY

The Malware Analysis Appliance (MAA) is vulnerable to cross-site scripting (XSS) and information disclosure vulnerabilities in search.php. An attacker can use these vulnerabilities to attack the client machine (via XSS), and to obtain MAA user names, sample names, and user generated data about the samples.

AFFECTED PRODUCTS

Malware Analysis Appliance (MAA)

CVE |Affected Version(s)|Remediation
All CVEs | 4.2 | Upgrade to 4.2.4.
4.1 | Upgrade to later version with fixes.

Malware Analyzer G2 (MAG2)

CVE |Affected Version(s)|Remediation
All CVEs | 3.5 and prior | Upgrade to later version of MAA with fixes.

ISSUES

CVE-2015-0937

Severity / CVSSv2 | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) References| SecurityFocus: BID 74060 / NVD: CVE-2015-0937 Impact| Cross-site scripting (XSS) Description | Cross-site scripting vulnerabilities are present in search.php and other URLs. An attacker can use cross-site scripting to execute arbitrary javascript on the client machine as the user. The javascript could be used to send commands to MAA, or to install malware or keystroke loggers on the client machine.

CVE-2015-0938

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID 74060 / NVD: CVE-2015-0938 Impact| Information disclosure Description | Information can be obtained by a non-authenticated user using search.php. An attacker could obtain the names of MAA users that have uploaded samples, the sample file names of any files that have been submitted to MAA, and user generated data about the samples that have been uploaded. An attacker cannot modify information or obtain full administrative access.

ACKNOWLEDGEMENTS

Thank you to the CERT Coordination Center for coordinating the vulnerability report and the subsequent release of a fix.

REFERENCES

VU#274244 - <https://www.kb.cert.org/vuls/id/274244&gt;

REVISION

2015-07-01 A fix will not be provided in 4.1; marked as final.
2015-04-16 Initial public release

Related

cert 1
cvelist 2
nvd 2
prion 2
cve 2
cert
cert
Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure
2015-04-14 00:00:00
cvelist
cvelist
CVE-2015-0938
2015-04-17 01:00:00
CVE-2015-0937
2015-04-17 01:00:00
nvd
nvd
CVE-2015-0938
2015-04-17 01:59:28
CVE-2015-0937
2015-04-17 01:59:27
prion
prion
Code injection
2015-04-17 01:59:00
Cross site scripting
2015-04-17 01:59:00
cve
cve
CVE-2015-0938
2015-04-17 01:59:28
CVE-2015-0937
2015-04-17 01:59:27

0.002 Low

EPSS

Percentile

59.1%

JSON
Related for SMNTC-1320
cert1cvelist2nvd2prion2cve2