Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP ArcSight Connector Appliance XSS vulnerability
Informations
Name VU#122054 First vendor Publication 2011-07-15
Vendor VU-CERT Last vendor Modification 2011-07-15
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#122054

HP ArcSight Connector Appliance XSS vulnerability

Overview

ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).

I. Description

Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for "Microsoft OS Version". In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again.

For example, the following javascript code can be injected into the "Windows XP" variable of the exported file:

...,"Windows XP<script> alert('XSS')</script>","en_US"

II. Impact

An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.

III. Solution

Apply an Update

ArcSight Connector Appliance version 6.1 addresses this vulnerability.

Vendor Information

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected2011-04-292011-06-28

References

Credit

Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2011-07-15
Date First Published:2011-07-15
Date Last Updated:2011-07-15
CERT Advisory: 
CVE-ID(s):CVE-2011-0770
NVD-ID(s):CVE-2011-0770
US-CERT Technical Alerts: 
Severity Metric:4.59
Document Revision:24

Original Source

Url : http://www.kb.cert.org/vuls/id/122054

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
73977 ArcSight Connector Appliance Windows Event Log SmartConnector Exported Report...

73880 ArcSight Connector Appliance Windows Event Log SmartConnector Microsoft OS Ve...

ArcSight Connector Appliance contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Microsoft OS Version' field upon submission to the Windows Event Log SmartConnector. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.