Vulnerability 11532 - CERT Civis.Net

Vulnerability Name:

CCN-11532

Published:

2003-03-04

Updated:

2003-03-04

Summary:

Multiple vendor Web servers and Web log analyzers are vulnerable to cross-site scripting, caused by improper filtering of HTML tags from log entries. A remote attacker could include malicious script or HTML code within a log entry, which would be executed in the victim's Web browser within the security context of the hosting site, once the log entry is viewed.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Tue Mar 04 2003 - 11:39:52 CST
Log corruption on multiple webservers, log analyzers,...

Source: CCN
Type: BID-7013
WebTrends Analysis Suite Logfile HTML Injection Vulnerability

Source: CCN
Type: BID-7014
SurfStats Log Analyzer Logfile HTML Injection Vulnerability

Source: CCN
Type: BID-7016
WebLog Expert Logfile HTML Injection Vulnerability

Source: CCN
Type: BID-7017
iPlanet Log Analyzer Logfile HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
log-analyzers-xss(11532)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*

Denotes that component is vulnerable