Executive Summary
Summary | |
---|---|
Title | Accoria Rock Web Server contains multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | VU#245081 | First vendor Publication | 2010-06-01 |
Vendor | VU-CERT | Last vendor Modification | 2010-06-22 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#245081

Accoria Rock Web Server contains multiple vulnerabilities

Overview

Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface.

I. Description

The Accoria web server, also known as Rock Web Server, contains several cross-site scripting (XSS) and cross-site request forgery (XSRF) vulnerabilities. Directory traversal and format string vulnerabilities exist as well. The getenv sample code contains an XSS vulnerability when viewed by Internet Explorer 6 or other web browsers that do not follow RFC 2616 Section 7.2.1. Generated cookies appear to be weak and predictable, which may allow an attacker to bypass authentication.

Further details are available from the IOActive security advisory. The vendor recommends all users upgrade to version 1.5.2 or later.

References

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf

Thank you to Ilja van Sprundel of IOActive for researching and reporting these vulnerabilities. This document was written by Jared Allar.
Original Source
Url : http://www.kb.cert.org/vuls/id/245081
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
20 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
20 % | CWE-310 | Cryptographic Issues |
20 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
20 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
20 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65526 | Accoria Web Server servercfg.cgi dns Parameter XSS: Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'dns' parameter upon submission to the 'servercfg.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
65525 | Accoria Web Server httpdcfg.cgi name Parameter XSS: Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' parameter upon submission to the 'httpdcfg.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
65524 | Accoria Web Server loadstatic.cgi desc Parameter XSS: Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'desc' parameter upon submission to the 'loadstatic.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
65523 | Accoria Web Server getenv Sample Program Query String XSS |
65522 | Accoria Web Server authcfg.cgi User Account Creation CSRF: Accoria Web Server contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as creating arbitrary users with administrative privileges. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
65521 | Accoria Web Server loadstatic.cgi name Parameter Traversal Arbitrary File Access: Accoria Web Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'loadstatic.cgi' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'name' parameter. This directory traversal attack would allow the attacker to access arbitrary files. |
65520 | Accoria Web Server Predictable httpmod-sessionid Cookie Session Hijack Weakness |
65519 | Accoria Web Server authcfg.cgi path Parameter Remote Format String |
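As an added example (not code from the CERT note, IOActive, or the vendor), the following Python shows the containment check that the OSVDB 65521 entry says loadstatic.cgi's 'name' handling lacks, and then uses the same check to flag requests in constructed access-log lines that an unpatched server would have served. The static root and the /cgi-bin/ script path are assumptions; the page does not give them.

```python
import posixpath
from urllib.parse import unquote, urlsplit, parse_qs

# Hypothetical document root for the files loadstatic.cgi serves; the page
# does not give the real path.
STATIC_ROOT = "/srv/rock/static"


def resolve_static_path(name, root=STATIC_ROOT):
    """Map the untrusted 'name' parameter onto a file under root, or return
    None if it would escape root (the loadstatic.cgi traversal flaw)."""
    decoded = name
    for _ in range(3):  # decode until stable: catches %2e%2e and double encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None
    # Collapse '.' and '..' lexically, then require the result to stay under root.
    joined = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if joined != root and not joined.startswith(root.rstrip("/") + "/"):
        return None
    return joined


def flag_traversal_requests(log_lines):
    """Return request URLs of loadstatic.cgi hits whose 'name' the check above rejects."""
    hits = []
    for line in log_lines:
        parts = line.split('"')  # Common Log Format: the request is the quoted field
        if len(parts) < 3:
            continue
        request = parts[1].split()  # METHOD URL PROTOCOL
        if len(request) < 2:
            continue
        url = urlsplit(request[1])
        if not url.path.endswith("/loadstatic.cgi"):
            continue
        for name in parse_qs(url.query).get("name", []):
            if resolve_static_path(name) is None:
                hits.append(request[1])
    return hits


# Constructed access-log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2010:10:00:00 +0000] "GET /cgi-bin/loadstatic.cgi?name=index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jun/2010:10:00:01 +0000] "GET /cgi-bin/loadstatic.cgi?name=../../etc/passwd HTTP/1.1" 200 1970',
    '10.0.0.9 - - [01/Jun/2010:10:00:02 +0000] "GET /cgi-bin/loadstatic.cgi?name=%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 403 0',
    '10.0.0.7 - - [01/Jun/2010:10:00:03 +0000] "GET /cgi-bin/httpdcfg.cgi?name=../x HTTP/1.1" 200 10',
]
```

The second sample line is flagged even though the server returned 200, which is the point of running the check offline against logs from the vulnerable version: the 403 on the double-encoded request is not evidence that the single-encoded one was blocked.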