Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1117230    Vulnerability type: Cross-site scripting
Published: 2009-01-14    Updated: 2009-06-19
CVE ID: CVE-2008-3821    CNNVD-ID: CNNVD-200901-196
Platform: Hardware    CVSS score: 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/32723
https://www.securityfocus.com/bid/33260
https://cxsecurity.com/issue/WLB-2009010032
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-196
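|Vulnerability details
Cisco IOS is the operating system that the US company Cisco develops for its network devices. If the HTTP Server is enabled in Cisco IOS, an attacker can carry out cross-site scripting attacks by submitting invalid parameters to server-side binaries/scripts. Such attacks can result in the target's administration interface being replaced, or in confidential information being redirected to an unauthorized third party; for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. In addition, an attacker can perform administrative actions through cross-site request forgery; for example, injecting an img tag that points to /level/15/configure/-/enable/secret/newpass changes the enable password to newpass.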
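For defenders reviewing proxy or web-gateway logs of traffic to device management interfaces, the following added example (not part of the original advisory) flags the two request patterns described above: script markup in a request to the device, and a /level/N/configure or /level/N/exec request whose Referer is another site. The log format, addresses and host names are constructed for illustration; bounded repeated URL-decoding goes slightly beyond the case on the page so that double-encoded markup is also caught.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed proxy-log lines (not from the page): client, device host, request, referer.
SAMPLE_LOG = '''\
10.0.0.5 192.0.2.1 "GET /level/15/exec/-/show/run/CR HTTP/1.1" "http://192.0.2.1/"
10.0.0.5 192.0.2.1 "GET /ping?%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" "http://forum.example.net/t/42"
10.0.0.5 192.0.2.1 "GET /level/15/configure/-/enable/secret/newpass HTTP/1.1" "http://forum.example.net/t/42"
10.0.0.7 192.0.2.1 "GET /level/15/configure/-/hostname/edge1 HTTP/1.1" "-"
'''

LINE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+) [^"]*" "([^"]*)"$')
MARKUP = re.compile(r'<\s*script|<\s*img|<\s*iframe|\bon\w+\s*=|javascript:', re.I)
PRIVILEGED = re.compile(r'^/level/\d+/(configure|exec)/', re.I)  # path shapes named in the advisory

def decode(target):
    """URL-decode repeatedly (bounded) so double-encoded markup is still seen."""
    for _ in range(3):
        nxt = unquote_plus(target)
        if nxt == target:
            break
        target = nxt
    return target

def classify(line):
    """Return the finding labels for one log line ([] if clean or unparsable)."""
    m = LINE.match(line.strip())
    if not m:
        return []
    _client, host, _method, target, referer = m.groups()
    findings = []
    if MARKUP.search(decode(target)):
        findings.append("xss-markup-in-request")
    # A privileged URL fetched because another site's page referenced it is the CSRF signal.
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if PRIVILEGED.match(urlsplit(target).path) and ref_host and ref_host != host.lower().split(":")[0]:
        findings.append("cross-site-privileged-request")
    return findings

def scan(log_text):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(n, f) for n, line in enumerate(log_text.splitlines(), 1)
            if (f := classify(line))]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, ", ".join(findings))
```

Requests with no Referer (line 4 of the sample) are not flagged, so this check complements rather than replaces restricting who can reach the HTTP server.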
|Vulnerability exploit (EXP)
source: http://www.securityfocus.com/bid/33260/info

Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301. 

http://www.example.com/ping?<script>alert("Running+code+within+the_context+of+"%2bdocument.domain)</script>
|Affected products
Cisco IOS 12.4XW, Cisco IOS 12.4XV, Cisco IOS 12.4XT, Cisco IOS 12.4XK, Cisco IOS 12.4XJ, Cisco IOS 12.4XG, Cisco IOS 12.4XE, Cisco IOS 12.4XD
|References

Source: XF
Name: cisco-ios-httpserver-ping-xss (47947)
Link: http://xforce.iss.net/xforce/xfdb/47947
Source: BID
Name: 33260
Link: http://www.securityfocus.com/bid/33260
Source: BUGTRAQ
Name: 20090114 PR08-19: XSS on Cisco IOS HTTP Server
Link: http://www.securityfocus.com/archive/1/archive/1/500063/100/0/threaded
Source: MISC
Link: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Source: VUPEN
Name: ADV-2009-0138
Link: http://www.frsirt.com/english/advisories/2009/0138
Source: CISCO
Name: 20090114 Cisco IOS Cross-Site Scripting Vulnerabilities
Link: http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html
Source: SECTRACK
Name: 1021598
Link: http://securitytracker.com/id?1021598
Source: SREASON
Name: 4916
Link: http://securityreason.com/securityalert/4916
Source: SECUNIA
Name: 33461
Link: http://secunia.com/advisories/33461
Source: OSVDB
Name: 51394
Link: http://osvdb.org/51394
Source: OSVDB
Name: 51393
Link: http://osvdb.org/51393
Source: JVN
Name: JVN#28344798
Link: http://jvn.jp/en/jp/JVN28344798/index.html