|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Sun Cobalt RaQ 550 "message.cgi" Cross Site Scripting
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Oct 08 2003 - 04:07:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Sun Cobalt RaQ 550 "message.cgi" Cross Site Scripting
SECUNIA ADVISORY ID:
SA9955
VERIFY ADVISORY:
http://www.secunia.com/advisories/9955/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Sun Cobalt RaQ 550
DESCRIPTION:
A vulnerability has been reported in Sun Cobalt RaQ 550 allowing
malicious people to conduct Cross Site Scripting.
The problem is that the "info" parameter in
"/cgi-bin/.cobalt/message/message.cgi" isn't properly verified
allowing malicious people to supply arbitrary URL encoded HTML and
script code.
SOLUTION:
Restrict access so that the Control Panel can only be accessed from
management stations.
REPORTED BY / CREDITS:
Lorenzo Hernandez Garcia-Hierro
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]