CVE-2002-0354
CVSS5.0
发布时间 :2002-06-25 00:00:00
修订时间 :2016-10-17 22:19:43
NMCOS    

[原文]The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.


[CNNVD]Mozilla / Netscape 6 XMLHttpRequest文件泄露漏洞(CNNVD-200206-084)

        
        Mozilla是一款免费开放源代码的WEB浏览器,运行在多种Linux和Unix操作系统下,也可运行在MacOS和Microsoft Windows 9x/ME/NT/2000/XP操作系统下,Netscape是另一个款运行在多种系统平台下的流行的WEB浏览器。
        Mozilla和Netscape 6在处理HTTP重定向到XMLHttpRequest对象时存在漏洞,可导致远程攻击者查看目标用户系统上的任意文件内容。
        XMLHttpRequest对象允许一客户端机器通过HTTP请求获得XML文档。如果服务器响应这个HTTP请求重定向到用户本地的文件,就可以绕过安全检查并使文件可访问,造成敏感信息泄露。这可通过使用'open'模式打开一个重定向本地文件的WEB页面完成。
        据报告,此问题也存在load模式使用在由DOMImplementation接口的createDocument模式建立的XML文档。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:mozilla:0.9.9Mozilla Mozilla 0.9.9
cpe:/a:mozilla:mozilla:0.9.7Mozilla Mozilla 0.9.7
cpe:/a:netscape:navigator:6.1Netscape Netscape 6.1
cpe:/a:mozilla:mozilla:1.0:rc1
cpe:/a:mozilla:mozilla:1.0:rc2
cpe:/a:netscape:navigator:6.2Netscape Netscape 6.2
cpe:/a:mozilla:mozilla:1.0:rc3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0354
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0354
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-084
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=102017952204097&w=2
(UNKNOWN)  BUGTRAQ  20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)
http://marc.info/?l=ntbugtraq&m=102020343728766&w=2
(UNKNOWN)  NTBUGTRAQ  20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)

- 漏洞信息

Mozilla / Netscape 6 XMLHttpRequest文件泄露漏洞
中危 设计错误
2002-06-25 00:00:00 2005-10-20 00:00:00
远程  
        
        Mozilla是一款免费开放源代码的WEB浏览器,运行在多种Linux和Unix操作系统下,也可运行在MacOS和Microsoft Windows 9x/ME/NT/2000/XP操作系统下,Netscape是另一个款运行在多种系统平台下的流行的WEB浏览器。
        Mozilla和Netscape 6在处理HTTP重定向到XMLHttpRequest对象时存在漏洞,可导致远程攻击者查看目标用户系统上的任意文件内容。
        XMLHttpRequest对象允许一客户端机器通过HTTP请求获得XML文档。如果服务器响应这个HTTP请求重定向到用户本地的文件,就可以绕过安全检查并使文件可访问,造成敏感信息泄露。这可通过使用'open'模式打开一个重定向本地文件的WEB页面完成。
        据报告,此问题也存在load模式使用在由DOMImplementation接口的createDocument模式建立的XML文档。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 不要用浏览器随意浏览不可信站点和页面。
        厂商补丁:
        Mozilla
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Mozilla Browser 0.9.7:
        Mozilla Upgrade mozilla-source-1.0.rc1.tar.gz
        
        http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.0rc1/src/mozilla-source-1.0.rc1.tar.gz

        Fixed if date is later than May 02, 2002.
        Mozilla Browser 0.9.8:
        Mozilla Upgrade mozilla-source-1.0.rc1.tar.gz
        
        http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.0rc1/src/mozilla-source-1.0.rc1.tar.gz

        Fixed if date is later than May 02, 2002.
        Mozilla Browser 0.9.9:
        Mozilla Upgrade mozilla-source-1.0.rc1.tar.gz
        
        http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.0rc1/src/mozilla-source-1.0.rc1.tar.gz

        Fixed if date is later than May 02, 2002.
        Mozilla Browser 1.0 RC1:
        Mozilla Upgrade mozilla-source-1.0.rc1.tar.gz
        
        http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.0rc1/src/mozilla-source-1.0.rc1.tar.gz

        Fixed if date is later than May 02, 2002.
        Netscape
        --------
        目前Netscape厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.netscape.com

- 漏洞信息

14199
Multiple Browser XMLHttpRequest responseText Property Arbitrary File / Directory Access
Remote / Network Access Information Disclosure
Loss of Confidentiality
Vendor Verified

- 漏洞描述

- 时间线

2002-04-30 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
Design Error 4628
Yes No
2002-04-30 12:00:00 2009-07-11 12:46:00
Discovered by GreyMagic Software <security@greymagic.com>.

- 受影响的程序版本

Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6
Sun Solaris 2.5_x86
Sun Solaris 2.5
Sun Solaris 2.4_x86
Sun Solaris 2.4
Netscape Netscape 6.2.2
Netscape Netscape 6.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Netscape Netscape 6.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Netscape Netscape 6.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Mozilla Browser 1.0 RC1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
Mozilla Browser 0.9.9
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Mozilla Browser 0.9.8
- Apple Mac OS 9 9.2.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.7
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
IBM AIX 4.3.3
IBM AIX 4.3.2
IBM AIX 4.3.1
IBM AIX 4.3
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.24
HP HP-UX 10.20
HP HP-UX 10.10
Galeon Browser 1.2.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
Galeon Browser 1.2
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Eazel Nautilus 1.0.4
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ Slackware Linux 8.0
Compaq Tru64 5.1 a
Compaq Tru64 5.1
Compaq Tru64 5.0 a
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f
Mozilla Browser 1.0 RC2
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0

- 不受影响的程序版本

Mozilla Browser 1.0 RC2
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0

- 漏洞讨论

An issue exists in handling of HTTP redirects in the XMLHttpRequest object used by Mozilla and Netscape 6.

The XMLHttpRequest object allows a client machine to obtain an XML document through a HTTP request. If the server response to this request is a redirect to a local file, script security measures are bypassed and the file is accessed. This could lead to a disclosure of sensitive information to remote attackers.

This vulnerability may also be used to list files in folders, potentially allowing all files that the user of the browser has access to being listed.

It has been reported that this issue also exists with the load method applied to XML documents created with the createDocument method of the DOMImplementation interface.

Some updates have been released for both Nautilus and Galeon, which have source common to the Mozilla project. The vulnerability of these products has not, however, been independantly confirmed.

- 漏洞利用

The following exploit is provided by GreyMagic Software &lt;security@greymagic.com&gt;:

http://sec.greymagic.com/adv/gm001-ns/

An exploit for the document.load method has been provided by Thor Larholm &lt;Thor@jubii.dk&gt;:

http://jscript.dk/2002/4/NS6Tests/documentload.html

- 解决方案

This issue has been resolved in Mozilla 1.0RC1 builds dated later than May 02, 2002.

Vendor updates are also available:


Mozilla Browser 0.9.7

Mozilla Browser 0.9.8

Mozilla Browser 0.9.9

Mozilla Browser 1.0 RC1

Eazel Nautilus 1.0.4

Galeon Browser 1.2

Galeon Browser 1.2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站