[SA19180] BlueDragon Server Cross-Site Scripting and Denial of Service

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Fri Jun 23 2006 - 08:17:05 CDT


TITLE:
BlueDragon Server Cross-Site Scripting and Denial of Service

SECUNIA ADVISORY ID:
SA19180

VERIFY ADVISORY:
http://secunia.com/advisories/19180/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

SOFTWARE:
BlueDragon Server 6.x
http://secunia.com/product/10621/
BlueDragon Server JX 6.x
http://secunia.com/product/10622/

DESCRIPTION:
Secunia Research has discovered two vulnerabilities in BlueDragon
Server/Server JX, which can be exploited by malicious people to
conduct cross-site scripting attacks and cause a DoS (Denial of
Service).

1) An error exists within the handling of HTTP requests containing an
MS-DOS device name with the ".cfm" extension. This can be exploited to
cause the service to stop responding to requests for ".cfm" files.

Examples:
http://[host]/con.cfm
http://[host]/aux.cfm
http://[host]/com1.cfm
http://[host]/com2.cfm

Successful exploitation using com1.cfm and com2.cfm requires that the
system has serial ports installed. The vendor has reported that the
"cfml" extension is also affected.

2) Input passed in the URL is not properly sanitised before being
returned to the user in the default error page. This can be exploited
to execute arbitrary HTML and script code in a user's browser session
in the context of an affected site.

Examples:
http://[host]/[code].cfm
http://[host]/[code].cfml

The vulnerabilities have been confirmed in the following versions:
* BlueDragon Server for Windows version 6.2.1.286 with IIS 5.0
connector installed.
* BlueDragon Server JX for Windows version 6.2.1.286 with IIS 5.0
connector installed.

SOLUTION:
Filter malicious characters and character sequences in a proxy or
firewall with URL filtering capabilities.

The vendor will reportedly release a fix in June. This has not been
confirmed.
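
The URL filtering described under SOLUTION, as an added example that is
not part of the Secunia advisory or any vendor code. It assumes the
filter sees the raw request URL, covers the full set of reserved device
names rather than only the four listed above, and uses a placeholder
host name (cfml.example) for its constructed sample URLs.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved MS-DOS device names; Windows resolves them whatever the extension.
DOS_DEVICES = {"con", "prn", "aux", "nul"}
DOS_DEVICES |= {f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)}
CFML_EXTENSIONS = (".cfm", ".cfml")
# Characters needed to inject markup into the reflected error page.
MARKUP_CHARS = re.compile(r"[<>\"'`]")
MAX_DECODE_ROUNDS = 3


def fully_decode(path):
    """Percent-decode until stable so double-encoded input is inspected."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return None  # still changing after the limit: refuse it


def check_url(url):
    """Return (allowed, reason) for a request headed to the CFML server."""
    path = fully_decode(urlsplit(url).path)
    if path is None:
        return False, "excessive percent-encoding"
    # Windows ignores trailing dots and spaces in a file name component.
    segments = [s.rstrip(" .").lower() for s in re.split(r"[/\\]", path)]
    cfml = [s for s in segments if s.endswith(CFML_EXTENSIONS)]
    if not cfml:
        return True, "not a CFML request"
    for seg in cfml:
        if seg.split(".", 1)[0].strip() in DOS_DEVICES:
            return False, "MS-DOS device name in CFML request"
    if MARKUP_CHARS.search(path):
        return False, "markup characters in CFML request path"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs; cfml.example is a placeholder host.
    for url in ("http://cfml.example/index.cfm",
                "http://cfml.example/con.cfm",
                "http://cfml.example/%63om1.CFML",
                "http://cfml.example/%253Cscript%253E.cfm"):
        print(url, check_url(url))
```

The device-name comparison is made on the part of the file name before
the first dot, so a legitimate page such as console.cfm is not blocked.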

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2006-18/
