Netcharts Server Chunked Encoding Information Disclosure Vulnerability

Vulnerability ID: 1203062    Vulnerability type: Buffer overflow
Published: 2003-02-18    Updated: 2003-12-31
CVE ID: CVE-2003-1415    CNNVD-ID: CNNVD-200312-418
Affected platform: N/A    CVSS score: 6.8
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007100082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-418
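|Vulnerability details
NetCharts XBRL Server is a data visualization service that turns data into charts, graphs, reports and similar output. The Netcharts server does not correctly handle invalid chunked-encoded HTTP requests, and a remote attacker can exploit this flaw to obtain some sensitive information from the server. The server responds to invalid chunked-encoded requests with unpredictable query-response desynchronisation: an attacker who connects to the target machine and submits multiple malicious requests can cause the server to return some sensitive information, which can then be used for further attacks on the system.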
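A strict chunked-body decoder of the kind a server or front-end proxy can apply so that an invalid chunk-size line is rejected instead of leaving the connection desynchronised. This is an added example, not code from the advisory or the vendor; `decode_chunked`, `verdict`, the 1 MiB limit and the sample inputs are assumptions made for illustration.

```python
import re

MAX_CHUNK = 1 << 20  # assumed per-chunk limit (1 MiB), not a value from the advisory
_SIZE_LINE = re.compile(rb"[0-9A-Fa-f]{1,8}(;[^\r\n]*)?")  # hex size + optional extension

class ChunkedError(ValueError):
    """Malformed chunked body: answer 400 and close the connection."""

def decode_chunked(body: bytes) -> tuple[bytes, int]:
    """Strictly decode one chunked body; return (payload, bytes_consumed)."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedError("chunk-size line not terminated by CRLF")
        line = body[pos:eol]
        if not _SIZE_LINE.fullmatch(line):
            raise ChunkedError("chunk-size is not 1-8 hex digits")
        size = int(line.split(b";", 1)[0], 16)
        if size > MAX_CHUNK:
            raise ChunkedError("chunk-size exceeds limit")
        pos = eol + 2
        if size == 0:
            # Simplification: trailer fields are rejected rather than parsed.
            if body[pos:pos + 2] != b"\r\n":
                raise ChunkedError("missing final CRLF after last chunk")
            return bytes(out), pos + 2
        if len(body) < pos + size + 2:
            raise ChunkedError("body shorter than declared chunk-size")
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        out += body[pos:pos + size]
        pos += size + 2

def verdict(body: bytes) -> str:
    """Return 'ok' or the 400 reason a strict front end would log."""
    try:
        decode_chunked(body)
        return "ok"
    except ChunkedError as exc:
        return f"400: {exc}"

# Constructed inputs; the first mirrors the advisory's body, CRLF line endings assumed.
ADVISORY_BODY = b"53636f7474\r\n\r\n"
WELL_FORMED = b"5\r\nhello\r\n0\r\n\r\nNEXT"  # "NEXT" stands in for a pipelined request
SHORT_BODY = b"ff\r\nshort\r\n0\r\n\r\n"

if __name__ == "__main__":
    print([verdict(s) for s in (ADVISORY_BODY, WELL_FORMED, SHORT_BODY)])
```

The returned byte count tells the caller exactly where the next pipelined request begins, which is the boundary a lenient parser loses track of.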
|Vulnerability EXP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability ]--

- --[ Type

Information Leakage

- --[ Release Date

March 17, 2003

- --[ Product / Vendor

NetCharts XBRL Server 4.0 is a data visualization service that generates
charts and graphs, tables, and reports. It can be used alone or
in conjunction with any web infrastructure from the simplest CGI scripts
to the most sophisticated Enterprise Application Server.

Any data source?
   - Oracle
   - Sybase
   - Any JDBC
   - Any ODBC: Excel, Access, SQL Server
   - Legacy systems
   - XBRL
   - XML
   - ...and others

Anyhow, anywhere?
   - TIFF, BMP, JPEG
   - Java Applets
   - Flash, PDF, HTML pages
   - J2EE
   - COM / ASP / .NET
   - Cold Fusion
   - ...and more

http://www.visualmining.com

- --[ Summary

A client may connect to the target machine and deliver several requests
with an invalid chunked encoded body.

The potential for information leakage is great but the risk is mitigated
somewhat by the unpredictability of the query-response
desynchronisation. Depending on the target site this may be somewhat
exploitable by a malicious user to redirect other users to a
specific response by saturating the communication channels with a desired
response.

==================== SNIP ====================

GET /index.jsp HTTP/1.1
Host: victim.com
Transfer-Encoding: Chunked

53636f7474

==================== SNIP ====================

Related:
Recently disclosed advisory:
http://online.securityfocus.com/bid/6320

- --[ Tested

Netcharts XBRL Server v4.0.0 for Windows 2000

- --[ Vulnerable

Netcharts XBRL Server v4.0.0 for Windows 2000

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal
use of any of the information and/or the software listed on this
security advisory.

- --[ Author

Tamer Sahin
ts (at) securityoffice (dot) net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback (at) securityoffice (dot) net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this
Security Advisory is not modified in any way and is
attributed to SecurityOffice and provided that such reproduction and distribution
is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

|References

Source: XF
Name: netcharts-chunked-encoding-bo(11345)
Link: http://xforce.iss.net/xforce/xfdb/11345
Source: BID
Name: 6877
Link: http://www.securityfocus.com/bid/6877
Source: BUGTRAQ
Name: 20030218 [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability
Link: http://www.securityfocus.com/archive/1/312187
Source: SECUNIA
Name: 8091
Link: http://secunia.com/advisories/8091
Source: SREASON
Name: 3261
Link: http://securityreason.com/securityalert/3261
Source: NSFOCUS
Name: 4422
Link: http://www.nsfocus.net/vulndb/4422