CVE-2005-1374
CVSS 6.8
Published: 2005-05-03 00:00:00
Last modified: 2016-10-17 23:19:28

[Original] Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.


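[CNNVD] Claroline E-Learning Application Multiple Remote Input Validation Vulnerabilities (CNNVD-200505-867)

        Claroline E-Learning Application is a web-based e-learning system.
        Claroline has multiple input validation vulnerabilities when handling user requests. A remote attacker may exploit these vulnerabilities to perform unauthorized database operations and execute malicious code in a user's browser, resulting in information disclosure or data corruption.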

- CVSS (Base Score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:claroline:claroline:1.6_beta
cpe:/a:claroline:claroline:1.5.3
cpe:/a:claroline:claroline:1.6_rc1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1374
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1374
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-867
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=111464607103407&w=2
(UNKNOWN)  BUGTRAQ  20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline
http://securitytracker.com/id?1013822
(VENDOR_ADVISORY)  SECTRACK  1013822
http://www.claroline.net/news.php#85
(VENDOR_ADVISORY)  CONFIRM  http://www.claroline.net/news.php#85
http://www.securityfocus.com/bid/13407
(VENDOR_ADVISORY)  BID  13407
http://xforce.iss.net/xforce/xfdb/20295
(VENDOR_ADVISORY)  XF  claroline-multiple-scripts-xss(20295)

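- Vulnerability Information

Claroline E-Learning Application Multiple Remote Input Validation Vulnerabilities
Medium risk  Cross-site scripting
2005-05-03 00:00:00 2006-06-15 00:00:00
Remote
        Claroline E-Learning Application is a web-based e-learning system.
        Claroline has multiple input validation vulnerabilities when handling user requests. A remote attacker may exploit these vulnerabilities to perform unauthorized database operations and execute malicious code in a user's browser, resulting in information disclosure or data corruption.

- Advisories and Patches

        No data available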

- Vulnerability Information

16520
Claroline exercise_result.php XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Claroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the exercise_result.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2005-04-27 2005-04-18
Unknown Unknown

- Solution

Upgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Claroline E-Learning Application Multiple Remote Input Validation Vulnerabilities
Input Validation Error 13407
Yes No
2005-04-27 12:00:00 2009-07-12 02:06:00
Sieg Fried <Siegfried@zone-h.org> is credited with the discovery of these issues.

- Affected Versions

Dokeos Open Source Learning & Knowledge Management Tool 1.5.5
Claroline Claroline 1.6 rc1
Claroline Claroline 1.6 beta
Claroline Claroline 1.5.3
Dokeos Open Source Learning & Knowledge Management Tool 1.6 RC2
Claroline Claroline 1.6
Claroline Claroline 1.5.4

- Unaffected Versions

Dokeos Open Source Learning & Knowledge Management Tool 1.6 RC2
Claroline Claroline 1.6
Claroline Claroline 1.5.4

- Discussion

Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.

Multiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.

An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of an affected Web server. This may facilitate the theft of sensitive information, potentially including authentication credentials, data corruption, and a compromise of the affected computer.

**Update: Dokeos, which is based on Claroline source code, is also prone to some of these issues.

- Exploit

No exploit is required to leverage any of these issues. The following proof of concepts have been provided:

Cross-site scripting proof of concepts:
http:///www.example.com/claroline/tracking/toolaccess_details.php?tool=%3Cscript%3Ealert('xss');%3C/script%3E
http:///www.example.com/claroline/tracking/user_access_details.php?cmd=doc&data=%3Cscript%3Ealert('xss');%3C/script%3E
http:///www.example.com/claroline/calendar/myagenda.php?coursePath=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

SQL Injection proof of concepts:
http:///www.example.com/claroline/user/userInfo.php?uInfo=-1%20UNION%20SELECT%20username,password,0,0,0,0,0%20from%20user%20where%20user_id=1/*
http:///www.example.com/claroline/tracking/exercises_details.php?exo_id=-1/**/UNION/**/SELECT%200,password,username,0,0,0%20from%20user%20where%20user_id=1--

- Solution

The vendor has released upgrades dealing with these issues.


Claroline Claroline 1.5.3

Dokeos Open Source Learning & Knowledge Management Tool 1.5.5

Claroline Claroline 1.6 rc1

Claroline Claroline 1.6 beta

- Related References
