Welcome to the Virus.Org Mailing List Archive
[sec-adv] Microsoft ISA Server 2000 Cross Site Scripting

  • To: [EMAIL PROTECTED]
  • Subject: [sec-adv] Microsoft ISA Server 2000 Cross Site Scripting
  • From: Secunia Security Advisories <[EMAIL PROTECTED]>
  • Date: Tue, 20 May 2003 14:21:12 +0200
TITLE:
Microsoft ISA Server 2000 Cross Site Scripting

READ ONLINE:
http://www.secunia.com/advisories/8812/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Microsoft ISA Server 2000

DESCRIPTION:
A vulnerability has been identified in Microsoft ISA Server 2000
allowing malicious HTML documents to conduct Cross Site Scripting
against arbitrary sites.

The problem is that the data supplied in the "VIA" request header is
returned in an error page without being sanitised when ISA Server fails
to connect to the remote host.

By creating a malicious document which uses the ActiveX object
"Microsoft.XMLHTTP" to send a specially crafted request for any other
website to a closed port, it is possible to read cookies and more. This
is possible because JavaScript and other client-side scripting injected
in the "VIA" header will be executed in the client as if it originated
from the requested site.

An exploit has been released.

SOLUTION:
Modify the error pages in the folder "ErrorHtmls" so that the "VIA"
header and other irrelevant information is not returned to the client
(see the following Microsoft document for further information):

http://www.microsoft.com/technet/prodtechnol/isa/proddocs/isadocs/CMT_HTMLError.asp

It is good security practice to only allow ActiveX and client-side
scripting from trusted sites.
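The defect described above and the fix recommended here, modelled as an added example (not Secunia's, Microsoft's or the reporters' code): a vulnerable error-page renderer that interpolates the Via value raw, next to a hardened renderer that omits Via by default and, if an operator does want it echoed for diagnostics, allow-lists it against a loose RFC 2616 "received-protocol received-by" shape and HTML-escapes it. The header values and the VIA_ENTRY pattern are constructed assumptions, not ISA Server's own template syntax.

```python
import html
import re

# Constructed sample: the request headers the proxy saw when the upstream
# connection failed. The Via value is a hostile, constructed example.
SAMPLE_HEADERS = {
    "Host": "www.example.test",
    "Via": "1.1 <script>x</script>",
}

# Hypothetical allow-list for one Via entry, e.g. "1.1 proxy.example.test:8080"
# or "1.0 fred (comment)". This is an assumption, not ISA's own validation.
VIA_ENTRY = re.compile(
    r"^[A-Za-z0-9.]+(?:/[A-Za-z0-9.]+)?\s+[A-Za-z0-9.\-:]+(?:\s*\([^()]*\))?$"
)


def render_error_page_vulnerable(headers: dict) -> str:
    """Models the advisory's defect: Via is written into the HTML unescaped."""
    via = headers.get("Via", "")
    return f"<html><body><h1>502 Proxy Error</h1><p>Via: {via}</p></body></html>"


def render_error_page_hardened(headers: dict, echo_via: bool = False) -> str:
    """Hardened form: drop Via (the advisory's fix); if echoed, allow-list and escape."""
    parts = ["<html><body><h1>502 Proxy Error</h1>"]
    if echo_via:
        via = headers.get("Via", "")
        entries = [e.strip() for e in via.split(",")]
        if via and all(VIA_ENTRY.match(e) for e in entries):
            parts.append(f"<p>Via: {html.escape(via, quote=True)}</p>")
    parts.append("</body></html>")
    return "".join(parts)


def reflects_raw_markup(page: str, value: str) -> bool:
    """True if a request-supplied value appears verbatim in the response body."""
    return value in page
```

The hostile Via fails the allow-list and is dropped even when echoing is enabled, while a well-formed value such as "1.1 proxy.example.test:8080" is still shown, escaped.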

REPORTED BY / CREDITS:
Hugo Vazquez Carames & Toni Cortes Martinez

ORIGINAL ADVISORY:
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/ISA_Server_XSS/index.htm

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web: http://www.secunia.com/
E-mail: [EMAIL PROTECTED]
Tel: +44 (0) 20 7016 2693
Fax: +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://www.secunia.com/sec_adv_unsubscribe/[EMAIL PROTECTED]

----------------------------------------------------------------------

Copyright (c) Virus.Org 1997-2006.