Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title Tyler Technologies TaxWeb contains multiple vulnerabilities
Name VU#911678 First vendor Publication 2013-10-25
Vendor VU-CERT Last vendor Modification 2013-10-28
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#911678

Tyler Technologies TaxWeb contains multiple vulnerabilities

Original Release date: 25 Oct 2013 | Last revised: 28 Oct 2013


Tyler Technologies TaxWeb and possibly earlier versions contain cross-site request forgery (CWE-352), information exposure (CWE-203), and reflected cross-site scripting (CWE-79) vulnerabilities.


CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-6018

TaxWeb contains a cross-site request forgery vulnerability on the login.jsp pages. An attacker can send a constructed webpage link to a previously authenticated user to make an unauthorized change to their password.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-6019

TaxWeb contains a reflected cross-site scripting vulnerability that can allow an attacker to inject arbitrary HTML content (including script) via the vulnerable query string parameter accountNum.

CWE-203: Information Exposure Through Discrepancy - CVE-2013-6020

TaxWeb also contains an information exposure vulnerability. The Assessor, Recorder, and Treasurer applications in TaxWeb allow a user to recover their password via their respective passwordRequestPOST.jsp pages. The responses for a valid and invalid username differ, which may allow an attacker to derive valid usernames in a brute-force attempt. Valid usernames return with an HTTP 302 Found response, whereas an invalid username returns an HTTP 200 OK response.

The attacker may also utilize a similar vulnerability in the Treasurer application. When the attacker sends an invalid search request to the search application, the response exposes the query structure to the malicious user which can leak unauthorized sensitive information.

The CVSS score below reflects CVE-2013-6020.


A remote unauthenticated attacker can conduct a cross-site scripting or cross-site request forgery attack, which could be used make unauthorized changes to user credentials or inject arbitrary HTML content (including script) into a web page presented to the user. JavaScript can be used to steal authentication cookies or other sensitive information. An attacker may also be able to brute-force user credentials due to the information exposure vulnerability.


We are currently unaware of a practical solution to this problem.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Tyler TechnologiesAffected10 Sep 201320 Sep 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • http://cwe.mitre.org/data/definitions/79.html
  • http://cwe.mitre.org/data/definitions/352.html
  • http://cwe.mitre.org/data/definitions/203.html
  • http://www.tylertech.com/solutions-products/eagle-product-suite/product-information


Thanks to CAaNES LLC for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

  • CVE IDs:CVE-2013-6018CVE-2013-6019CVE-2013-6020
  • Date Public:25 Oct 2013
  • Date First Published:25 Oct 2013
  • Date Last Updated:28 Oct 2013
  • Document Revision:26


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/911678

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-200 Information Exposure
25 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
25 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 1

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-11-11 13:36:14
  • Multiple Updates
2013-10-29 13:21:56
  • Multiple Updates
2013-10-28 17:20:34
  • Multiple Updates
2013-10-28 13:22:23
  • Multiple Updates
2013-10-25 17:18:22
  • First insertion