Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1117343
Vulnerability type: Cross-site scripting
Published: 2009-02-04
Updated: 2009-02-06
CVE ID: CVE-2009-0470
CNNVD-ID: CNNVD-200902-137
Platform: Hardware
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32776
https://www.securityfocus.com/bid/80637
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-137
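|Vulnerability details
Cisco IOS is the operating system that Cisco develops for its network devices. If the HTTP Server is enabled in Cisco IOS, an attacker can carry out cross-site scripting attacks by submitting invalid parameters to server-side binaries/scripts. Such attacks may result in the target management interface being replaced, or in confidential information being redirected to an unauthorized third party; for example, the data returned by the URL /level/15/exec/-/show/run/CR can be modified through the XMLHttpRequest object. In addition, an attacker can perform administrative operations through cross-site request forgery; for example, injecting an img tag that points to /level/15/configure/-/enable/secret/newpass changes the enable password to newpass.
|Exploit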
source: http://www.securityfocus.com/bid/33625/info

Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The attacker may also perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible.

Note that this issue may be related to an issue described in BID 33260 (Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities).

Cisco IOS 12.4(23) is vulnerable; other versions may also be affected.

http://www.example.com/level/15/exec/-/"><body onload=alert("bug")>
http://www.example.com/exec/"><body onload="alert('bug');">
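
Added example (not part of the original advisory or of any Cisco tooling): a defensive check over web-proxy logs that flags the two request patterns described above, markup characters inside IOS command-interface paths and cross-site Referers on /exec/ or /configure/ URLs. The log format, the host names and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# URL prefixes of the IOS HTTP command interface, taken from the paths on this page.
CMD_PATH = re.compile(r"^/(?:level/\d{1,2}/)?(exec|configure)/", re.I)
MARKUP = re.compile(r'[<>"]')

# Constructed sample proxy-log lines: METHOD URL REFERER ("-" = no Referer header).
SAMPLE_LOG = """\
GET http://router.example/level/15/exec/-/show/version/CR http://router.example/
GET http://router.example/level/15/exec/-/%22%3E%3Cbody%20onload=alert(%22bug%22)%3E -
GET http://router.example/exec/%2522%253Ebody http://router.example/
GET http://router.example/level/15/configure/-/enable/secret/newpass http://forum.example/thread/7
GET http://www.example.org/index.html http://forum.example/
"""

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(rounds):
        text = unquote(text)
    return text

def classify(url, referer):
    """Return the set of findings for one request (empty if nothing is flagged)."""
    target = urlsplit(url)
    path = fully_decode(target.path)
    match = CMD_PATH.match(path)
    if not match:
        return set()  # not a command-interface URL
    findings = set()
    if MARKUP.search(path):
        findings.add("markup-in-command-path")  # reflected-XSS attempt pattern
    ref_host = urlsplit(referer).hostname if referer != "-" else None
    if ref_host and ref_host != target.hostname:
        findings.add("cross-site-" + match.group(1).lower())  # CSRF indicator
    return findings

def scan(log_text):
    """Return (line_number, url, findings) for every flagged log line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        _, url, referer = line.split()
        findings = classify(url, referer)
        if findings:
            hits.append((number, url, sorted(findings)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A request with no Referer is not treated as cross-site here, so a missing header produces no CSRF finding; the markup check still applies to it.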
|Affected products
Cisco IOS 12.4(23)
|References

Source: BID
Name: 33625
Link: http://www.securityfocus.com/bid/33625
Source: BUGTRAQ
Name: 20090204 Cisco IOS XSS/CSRF Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/500674/100/0/threaded
Source: SECUNIA
Name: 33844
Link: http://secunia.com/advisories/33844