CVE-2014-2230
CVSS 5.8
Published: 2014-10-23 10:55:02
Revised: 2014-10-24 08:42:05

[Original] Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.


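[CNNVD] OpenX Open Redirect Vulnerability (CNNVD-201410-1234)

OpenX (formerly phpAdsNew) is an open-source advertising management and tracking system from the US company OpenX. The system provides a banner ad management interface and supports notifying customers of advertising statistics by e-mail.

An open redirect vulnerability exists in the 'header' function in the adclick.php script of OpenX 2.8.10 and earlier. The vulnerability arises because the adclick.php script does not sufficiently filter the 'dest' parameter and the ck.php script does not sufficiently filter the '_maxdest' parameter. A remote attacker can use a specially crafted URL to exploit this vulnerability, redirect users to arbitrary web sites and conduct phishing attacks.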

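- CVSS (Base Score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]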

- CPE (Affected Platforms and Products)

cpe:/a:openx:openx:2.8.10    openx 2.8.10
cpe:/a:openx:openx:2.8       openx 2.8
cpe:/a:openx:openx:2.8.1     openx 2.8.1
cpe:/a:openx:openx:2.8.4     openx 2.8.4
cpe:/a:openx:openx:2.8.2     openx 2.8.2
cpe:/a:openx:openx:2.8.5     openx 2.8.5
cpe:/a:openx:openx:2.8.8
cpe:/a:openx:openx:2.8.3     openx 2.8.3
cpe:/a:openx:openx:2.8.6
cpe:/a:openx:openx:2.8.9
cpe:/a:openx:openx:2.8.7

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2230
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2230
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201410-1234
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/97621
(UNKNOWN)  XF  openx-cve20142230-open-redirect(97621)
http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2
(UNKNOWN)  MISC  http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2
http://seclists.org/fulldisclosure/2014/Oct/72
(UNKNOWN)  FULLDISC  20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability
http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html
(UNKNOWN)  MISC  http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html

- Vulnerability Information

OpenX Open Redirect Vulnerability
Medium
2014-10-24 00:00:00 2014-10-24 00:00:00
Remote
        


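- Advisories and Patches

        The vendor has not yet released a fix for this security issue. Users of this software can refer to the temporary fix provided by a non-vendor party (for reference only) or watch the vendor's home page for the final solution:
        http://openx.com/
        Temporary fix provided by Nanyang Technological University (for reference only):
        https://github.com/kriwil/OpenX/blob/master/www/index.php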

- Vulnerability Information (F128718)

OpenX 2.8.10 Open Redirect (PacketStormID:F128718)
2014-10-16 00:00:00
Jing Wang  
exploit,vulnerability
CVE-2014-2230

OpenX version 2.8.10 suffers from multiple open redirection vulnerabilities.

Exploit Title: OpenX Open Redirect Vulnerability
Product: OpenX
Vendor:  OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: OCT 8, 2014
Latest Update:  OCT 8, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-2230
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]







Vulnerability Details:

OpenX adclick.php and ck.php are vulnerable to Open Redirect attacks.

Source code of adclick.php:

    $destination = MAX_querystringGetDestinationUrl($adId[0]);
    MAX_redirect($destination);

The "MAX_redirect" function is below:

    function MAX_redirect($url)
    {
        // Only javascript: and data: URLs are rejected here
        if (!preg_match('/^(?:javascript|data):/i', $url)) {
            header('Location: '.$url);
            MAX_sendStatusCode(302);
        }
    }

The header() function sends a raw HTTP header to a client without any
checking of the "$dest" parameter at all.


(1) For "adclick.php", the vulnerability occurs with the "&dest" parameter.


(2) For "ck.php", it uses the "adclick.php" file. The vulnerability occurs with
the "_maxdest" parameter.








Solutions:
2014-10-12 Public disclosure with self-written patch.


References:
https://github.com/kriwil/OpenX/blob/master/www/index.php
http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability/
http://www.openx.com
http://cwe.mitre.org
http://cve.mitre.org/
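
Added example (not OpenX code and not the patch referenced in the advisory): MAX_redirect() as quoted above rejects only the javascript: and data: schemes, so any http(s) destination reaches header(). One way to constrain the destination is a host allowlist; the function name safe_redirect_target, the allowlist and the sample "dest" values below are hypothetical and constructed for illustration.

```php
<?php
// Added example, not OpenX code. Function name and allowlist are hypothetical.

/**
 * Return $url if it is an absolute http(s) URL whose host is on the
 * allowlist; otherwise return $fallback.
 */
function safe_redirect_target(string $url, array $allowedHosts, string $fallback): string
{
    // Reject control characters and spaces (header injection) and
    // backslashes, which some browsers treat like forward slashes.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;   // relative, scheme-relative ("//host") or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;   // allowlist schemes instead of blocklisting two
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;   // userinfo can disguise the real host
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    return in_array($host, $allowedHosts, true) ? $url : $fallback;
}

// Constructed sample values for the "dest" parameter.
$allowed = ['ads.example.com', 'www.example.com'];
$samples = [
    'https://ads.example.com/landing?id=7',
    'http://phish.example.net/login',
    '//phish.example.net/login',
    'https://ads.example.com@phish.example.net/',
    "https://ads.example.com/\r\nSet-Cookie: x=1",
];
foreach ($samples as $dest) {
    $target = safe_redirect_target($dest, $allowed, '/');
    printf("%-50s -> %s\n", json_encode($dest), $target);
}
```

Only the first sample is returned unchanged; the others fall back to "/". In an ad server the allowlist could be built from the destination hosts configured for its banners, which is an assumption of this example.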


    

- Vulnerability Information

OpenX CVE-2014-2230 Multiple Open Redirection Vulnerabilities
Input Validation Error 70603
Yes No
2014-10-08 12:00:00 2014-10-08 12:00:00
Wang Jing

- Affected Program Versions

OpenX OpenX 2.8.8
OpenX OpenX 2.8.2
OpenX OpenX 2.8.1
OpenX OpenX 2.8.7
OpenX OpenX 2.8.6
OpenX OpenX 2.8.5
OpenX OpenX 2.8.4
OpenX OpenX 2.8.3
OpenX OpenX 2.8.0

- Vulnerability Discussion

OpenX is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

OpenX 2.8.10 and prior versions are vulnerable.

- Exploit

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

- Solution

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
