Virus.Org Mailing List Archive
CacheFlow CacheOS Cross-site Scripting Vulnerability

  • To: bogus
  • Subject: CacheFlow CacheOS Cross-site Scripting Vulnerability
  • From: [EMAIL PROTECTED] (T.Suzuki)
  • Date: Thu, 25 Jul 2002 07:49:33 +0900
------------------------------------------------
CacheFlow CacheOS Cross-site Scripting Vulnerability
----------------------------------------------


Vulnerable Product
================

CacheFlow CacheOS

CA 4.1.06 and earlier.
 confirmed by
  CA 3.1.17, Release ID: 15403
  CA 4.0.14, Release ID: 17085
  CA 4.1.06, Release ID: 17757

Not vulnerable: CacheOS V4.1.07
 (2002/07/15 Release)

Problems
===========

  CacheFlow neglects to escape characters such as "<", ">", "&" in the path
  in the "unresolve" error messages, and passes the message to the browsers as
  HTML.
  
Impact
===========

  Browsers using a vulnerable CacheFlow may send private cookies to the
  attacker through evil code such as
   http://dummy.example.com/<script>EVIL CODE</script> .

Example
===========

Type 
http://nonexistent.example.com/<s>test</s>

Error

Problem Report
The system detected an Unresolved Host Name while attempting to retrieve
the URL: http://nonexistent.example.com/test. <- strike through on test
Message ID
UNRESOLVED_HOSTNAME

Solution
==========
A. Make safe custom error pages
B. Update to CacheOS V4.1.07

Reference
===========
http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm

--
T.Suzuki
  Reflection Inc. / Chukyo University
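
Solution A from the advisory, sketched as an added example that is not part of the original post and is not CacheOS code: a custom error page that entity-encodes the requested URL, shown beside the unescaped behaviour the advisory describes. The template text and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed template modelled on the error text quoted in the advisory;
# it is not the actual CacheOS page source.
TEMPLATE = (
    "<html><body><h1>Error</h1><h2>Problem Report</h2>"
    "<p>The system detected an Unresolved Host Name while attempting to "
    "retrieve the URL: {url}.</p>"
    "<h2>Message ID</h2><p>UNRESOLVED_HOSTNAME</p></body></html>"
)


def render_unescaped(requested_url: str) -> str:
    """Behaviour described in the advisory: the URL is copied in as HTML."""
    return TEMPLATE.format(url=requested_url)


def render_escaped(requested_url: str) -> str:
    """Safe error page: <, >, & and quotes in the URL become entities."""
    return TEMPLATE.format(url=html.escape(requested_url, quote=True))


def reflected_tags(page: str, requested_url: str) -> list:
    """Regression check: tags from the request that survive verbatim."""
    tags = re.findall(r"<[^<>]+>", requested_url)
    return [tag for tag in tags if tag in page]


if __name__ == "__main__":
    # Harmless test URL taken from the advisory's own example section.
    url = "http://nonexistent.example.com/<s>test</s>"
    print("unescaped page reflects:", reflected_tags(render_unescaped(url), url))
    print("escaped page reflects:  ", reflected_tags(render_escaped(url), url))
```

The same `reflected_tags` check can be run against any custom error template after editing it, using the advisory's `<s>test</s>` URL as the probe.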





 