Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Accoria Rock Web Server contains multiple vulnerabilities
Informations
Name VU#245081 First vendor Publication 2010-06-01
Vendor VU-CERT Last vendor Modification 2010-06-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#245081

Accoria Rock Web Server contains multiple vulnerabilities

Overview

Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface.

I. Description

The Accoria web server, also known as Rock Web Server, contains several cross-site scripting (XSS) and cross-site request forgery (XSRF) vulnerabilities. Directory traversal and format string vulnerabilities exist as well. The getenv sample code contains an XSS vulnerability when viewed by Internet Explorer 6 or other web browsers that do not follow RFC 2616 Section 7.2.1. Generated cookies appear to be weak and predictable, which may allow an attacker to bypass authentication.

Further details are available from the IOActive security advisory.

II. Impact

A remote and unauthenticated attacker may be able to execute commands in the context of the web server administrator.

III. Solution

Apply an update

The vendor recommends all users upgrade to version 1.5.2 or later.

Restrict access

Appropriate firewall rules should be set up to limit access to the web server's administration interface to only trusted sources.

XSRF protection

To avoid XSRF attacks, do not click on links from untrusted sources while logged into the administration interface.

Vendor Information

VendorStatusDate NotifiedDate Updated
Accoria NetworksAffected2010-06-22

References

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf
http://tools.ietf.org/html/rfc2616#section-7.2.1

Credit

Thank you to Ilja van Sprundel of IOActive for researching and reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

Date Public:2010-05-19
Date First Published:2010-06-01
Date Last Updated:2010-06-22
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:3.10
Document Revision:24

Original Source

Url : http://www.kb.cert.org/vuls/id/245081

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
20 % CWE-310 Cryptographic Issues
20 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
20 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
65526 Accoria Web Server servercfg.cgi dns Parameter XSS

Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'dns' parameter upon submission to the 'servercfg.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
65525 Accoria Web Server httpdcfg.cgi name Parameter XSS

Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' parameter upon submission to the 'httpdcfg.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
65524 Accoria Web Server loadstatic.cgi desc Parameter XSS

Accoria Web Server contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'desc' parameter upon submission to the 'loadstatic.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
65523 Accoria Web Server getenv Sample Program Query String XSS

65522 Accoria Web Server authcfg.cgi User Account Creation CSRF

Accoria Web Server contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as create arbitrary users with administrative privileges. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
65521 Accoria Web Server loadstatic.cgi name Parameter Traversal Arbitrary File Access

Accoria Web Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'loadstatic.cgi' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'name' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
65520 Accoria Web Server Predictable httpmod-sessionid Cookie Session Hijack Weakness

65519 Accoria Web Server authcfg.cgi path Parameter Remote Format String