Novell Teaming 'web/guest/home' Cross-Site Scripting Vulnerability

Vulnerability ID: 1117586
Vulnerability type: Cross-site scripting
Published: 2009-04-15
Updated: 2009-04-23
CVE ID: CVE-2009-1294
CNNVD-ID: CNNVD-200904-342
Platform: Java
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32909
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-342
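|Vulnerability details
Novell Teaming is a solution designed for team collaboration, with a range of enterprise community networking and workflow features. Novell Teaming does not properly validate or escape the p_p_state and p_p_mode parameters, so a remote attacker can carry out cross-site scripting attacks by submitting malicious requests.
|Exploit (EXP)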
source: http://www.securityfocus.com/bid/34531/info

Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities.

A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.

The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Novell Teaming 1.0.3 is vulnerable; other versions may also be affected. 

https://www.example.com/web/guest/home?p_p_id=82&p_p_action=1&p_p_state=%3Cscript%3Ealert('xss+vulnerability')%3C/script%3E&p_p_mode=view&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&_82_struts_action=%2Flanguage%2Fview&_82_languageId=de_DE
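
A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans web access logs for requests whose p_p_state or p_p_mode value is not a plain token. The token pattern, the log format and the sample lines (including the values "maximized" and "normal") are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory says are reflected without validation or escaping.
WATCHED = ("p_p_state", "p_p_mode")
# Assumption: legitimate values are short plain tokens (e.g. "view").
TOKEN = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Assumption: Common Log Format, client address first, request line in quotes.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/')

def suspicious_params(url):
    """Return {param: [decoded values]} for watched params that are not plain tokens."""
    hits = {}
    # parse_qs percent-decodes once, so %3Cscript%3E is inspected as <script>,
    # and a double-encoded value still contains '%' and fails the token check.
    for name, values in parse_qs(urlsplit(url).query).items():
        if name in WATCHED:
            bad = [v for v in values if not TOKEN.fullmatch(v)]
            if bad:
                hits[name] = bad
    return hits

def scan_access_log(lines):
    """Return [(client, hits)] for each log line carrying a suspicious value."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            hits = suspicious_params(m.group(2))
            if hits:
                findings.append((m.group(1), hits))
    return findings

# Constructed sample lines (documentation IP ranges). The second reuses the
# request shown in the advisory; the third is a constructed double-encoded value.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2009:10:00:00 +0000] "GET /web/guest/home?p_p_id=82&p_p_state=maximized&p_p_mode=view HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Apr/2009:10:00:05 +0000] "GET /web/guest/home?p_p_id=82&p_p_action=1&p_p_state=%3Cscript%3Ealert(\'xss+vulnerability\')%3C/script%3E&p_p_mode=view HTTP/1.1" 200 5300',
    '198.51.100.7 - - [15/Apr/2009:10:00:09 +0000] "GET /web/guest/home?p_p_id=82&p_p_state=normal&p_p_mode=%2522%253E HTTP/1.1" 200 5290',
]

if __name__ == "__main__":
    for client, hits in scan_access_log(SAMPLE_LOG):
        print(client, hits)
```

The same token check, applied server-side before the value is written into the page and combined with HTML output encoding, addresses the missing validation and escaping the advisory describes.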
|References

Source: www.novell.com
Link: http://www.novell.com/support/php/search.do?cmd=displayKC&doc
Source: MISC
Link: https://www.sec-consult.com/files/20090415-0-novell-teaming.txt
Source: VUPEN
Name: ADV-2009-1048
Link: http://www.vupen.com/english/advisories/2009/1048
Source: SECTRACK
Name: 1022063
Link: http://www.securitytracker.com/id?1022063
Source: BID
Name: 34531
Link: http://www.securityfocus.com/bid/34531
Source: BUGTRAQ
Name: 20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming
Link: http://www.securityfocus.com/archive/1/archive/1/502704/100/0/threaded
Source: SECUNIA
Name: 34714
Link: http://secunia.com/advisories/34714