[sec-adv] Gattaca Server 2003 Multiple Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Sat Jul 12 2003 - 07:04:33 CDT


TITLE:
Gattaca Server 2003 Multiple Vulnerabilities

READ ONLINE:
http://www.secunia.com/advisories/9242/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information, DoS

WHERE:
From remote

SOFTWARE:
Gattaca Server 2003 1.x

DESCRIPTION:
Multiple vulnerabilities have been reported in Gattaca Server 2003,
which can be exploited to conduct Cross-Site Scripting attacks,
access arbitrary files and cause a DoS (Denial of Service).

It is possible to view directory contents by sending a specially
crafted HTTP request where an extra "/" character has been appended
to the end of the HTTP request for a directory.

Example:
http://[victim]//

Supplying an overly long argument (1048 characters or more) to the
"LLIST" command in the Gattaca console can be exploited to crash the
server.

An input validation error in "view.tmpl" can be exploited to access
arbitrary files on the system with the privileges of Gattaca via a
classic directory traversal attack.

Example:
http://[victim]/view.tmpl?testfile=../../winnt/win.ini

An input validation error in "view2.tmpl" can be exploited to conduct
Cross-Site Scripting attacks against visitors. This can be exploited
to gain knowledge of sensitive information (e.g. cookie-based
authentication information) associated with the site running Gattaca
Server 2003, or inclusion of malicious content, which the user thinks
is part of the real website.

However, successful exploitation requires that a user is tricked into
visiting a malicious web site or clicking a malicious link.

Example:
http://[victim]/view2.tmpl?text=<script>alert(document.cookie)</script>

The vulnerabilities have been reported in version 1.0.8.1. However,
prior versions may also be affected.

SOLUTION:
The vendor will reportedly fix the vulnerabilities in the next
release (except the Cross-Site Scripting issue, which the vendor
doesn't regard as a vulnerability):
www.gattaca-server.com

Filter malicious requests in an HTTP proxy or firewall with URL
filtering capabilities and grant only trusted users access to the
Gattaca console.
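
One way to express the URL-filtering workaround above for the three HTTP
issues, as an added example that is not part of the Secunia advisory or
any vendor code. The function name check_request, the reason strings and
the rule details are assumptions made for illustration; the LLIST console
issue cannot be handled by URL filtering and is left to the access
restriction.

```python
from urllib.parse import parse_qsl, unquote


def _decode(value, rounds=3):
    # Undo nested percent-encoding (e.g. %252e%252e) before inspection.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(target):
    """Return the reasons to block an origin-form request target ([] if clean)."""
    reasons = []
    raw_path, _, raw_query = target.partition("?")
    path = _decode(raw_path)

    # Directory listing issue: an extra "/" appended to a directory request.
    if path.endswith("//"):
        reasons.append("extra-trailing-slash")

    # The advisory's example path is a Windows one, so match names
    # case-insensitively.
    template = path.rsplit("/", 1)[-1].lower()

    for key, value in parse_qsl(raw_query, keep_blank_values=True):
        value = _decode(value)
        if template == "view.tmpl" and key == "testfile":
            # Treat "\" like "/" and reject parent-directory segments,
            # absolute paths and drive letters (assumed conservative policy).
            norm = value.replace("\\", "/")
            if ".." in norm.split("/") or norm.startswith("/") or ":" in norm:
                reasons.append("traversal-in-testfile")
        if template == "view2.tmpl" and key == "text":
            # The vendor does not plan to fix this one, so block markup here.
            if "<" in value or ">" in value:
                reasons.append("markup-in-text")
    return reasons
```

A proxy hook would call check_request on each request target and reject
the request when the returned list is not empty.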

REPORTED BY / CREDITS:
Gregory Le Bras

ORIGINAL ADVISORY:
http://www.security-corporation.com/advisories-019.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
