CVE-2003-0621
CVSS 5.0
Published: 2003-12-01 00:00:00
Last revised: 2016-10-17 22:35:56

[Original] The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.


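[CNNVD] BEA Tuxedo and WebLogic Enterprise Input Validation Vulnerability (CNNVD-200312-004)

        A vulnerability exists in the Administration Console of BEA Tuxedo 8.1 and earlier. Remote attackers can determine whether files outside the web root exist by supplying malicious paths in the INIFILE argument.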

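- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)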

cpe:/a:bea:weblogic_server:5.0.1::enterprise
cpe:/a:bea:tuxedo:7.1 (BEA Systems Tuxedo 7.1)
cpe:/a:bea:tuxedo:8.0 (BEA Systems Tuxedo 8.0)
cpe:/a:bea:tuxedo:6.3 (BEA Systems Tuxedo 6.3)
cpe:/a:bea:tuxedo:8.1 (BEA Systems Tuxedo 8.1)
cpe:/a:bea:tuxedo:6.4 (BEA Systems Tuxedo 6.4)
cpe:/a:bea:tuxedo:6.5 (BEA Systems Tuxedo 6.5)
cpe:/a:bea:weblogic_server:4.2::enterprise
cpe:/a:bea:weblogic_server:5.1::enterprise

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0621
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0621
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-004
(Official data source) CNNVD

- Other Links and Resources

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
(VENDOR_ADVISORY)  CONFIRM  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
http://marc.info/?l=bugtraq&m=106762000607681&w=2
(UNKNOWN)  BUGTRAQ  20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
http://www.securityfocus.com/bid/8931
(VENDOR_ADVISORY)  BID  8931
http://xforce.iss.net/xforce/xfdb/13559
(UNKNOWN)  XF  bea-tuxedo-file-disclosure(13559)

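- Vulnerability Information

BEA Tuxedo and WebLogic Enterprise Input Validation Vulnerability
Medium  Input validation
2003-12-01 00:00:00 2005-10-20 00:00:00
Remote
        A vulnerability exists in the Administration Console of BEA Tuxedo 8.1 and earlier. Remote attackers can determine whether files outside the web root exist by supplying malicious paths in the INIFILE argument.

- Advisories and Patches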

        The vendor has released fixes to address this issue. Please see the referenced advisory (BEA03-38.00) for more information.
        For Tuxedo 8.1:
        Apply Rolling Patch 62 or later.
        For all other releases:
        Upgrade to Tuxedo 8.1 or contact BEA Customer Support to request a fix for the
        release you are using.

- Vulnerability Information (23312)

BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 Input Validation Vulnerability (EDBID:23312)
cgi remote
2003-10-30 Verified
0 Corsaire Limited
N/A
source: http://www.securityfocus.com/bid/8931/info

A vulnerability has been reported to exist in BEA Tuxedo and WebLogic Enterprise due to the Tuxedo administration console. The script is reported to accept various initialization arguments such as INIFILE that are not properly sanitized for user-supplied input. This issue may allow an attacker to carry out attacks such as denial of service, file disclosure, and cross-site scripting.

An attacker may be able to determine the existence of a file outside the web server root by passing various path values for INIFILE.

A denial of service condition could be caused in the software by providing a device name such as CON, AUX, COM1, COM2 instead of a valid file name as one of the arguments for INIFILE. This may cause the service to crash or hang.

A cross-site scripting vulnerability has also been reported to exist in the software due to insufficient sanitization of user-supplied input to INIFILE. This problem presents itself when an invalid file name is supplied as an argument for INIFILE. This vulnerability could be exploited to steal cookie-based credentials. Other attacks are possible as well.

http://www.example.com/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=<script>alert('XSS')</script> 		

- Vulnerability Information

2741
BEA Admin Console INIFILE Validation Issues

- Vulnerability Description

The BEA Tuxedo and WebLogic Enterprise administration console contains a flaw that allows an unauthenticated remote user to determine whether a given local file exists, perform an XSS attack, and potentially crash the server process. This flaw exists because the application does not validate the INIFILE variable upon submission to the admin console CGI script. This could allow a user to create a specially crafted URL that would execute arbitrary code in an administrative user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2003-10-30 Unknown
Unknown Unknown

- Solution

Upgrade to version 8.1 and apply Rolling Patch 62, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. If upgrading to 8.1 is not possible, contact the vendor for a patch specific to your version.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

BEA Tuxedo and WebLogic Enterprise Input Validation Vulnerability
Input Validation Error 8931
No No
2003-10-30 12:00:00 2009-07-12 05:56:00
The disclosure of this issue has been credited to Corsaire Limited.

- Affected Program Versions

BEA Systems WebLogic Enterprise 5.1
BEA Systems WebLogic Enterprise 5.0.1
BEA Systems WebLogic Enterprise 4.2
BEA Systems Tuxedo 8.1
BEA Systems Tuxedo 8.0
BEA Systems Tuxedo 7.1
BEA Systems Tuxedo 6.5
BEA Systems Tuxedo 6.4
BEA Systems Tuxedo 6.3

- Exploit

The following proof of concept has been provided:

http://www.example.com/udataobj/webgui/cgi-bin/tuxadm.exe?INIFILE=<script>alert('XSS')</script>
