4.3 - VU#960468

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Informations
Name	VU#960468	First vendor Publication	2012-08-06
Vendor	VU-CERT	Last vendor Modification	2012-08-06
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#960468

HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Original Release date: 06 Aug 2012 | Last revised: 06 Aug 2012

Overview

HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 (and possibly other versions) contain a file import facility which is vulnerable to cross-site scripting (XSS).

Description

The supplied facility for importing host data from a file (System Admin Tab | Network | Hosts | Import from Local File) to the HP Arcsight Connector or HP Arcsight Logger appliances fail to sanitize input for cross-site scripting attacks. An attacker with write access to the file that will be imported can add javascript code into the file. This code will be run in the security context of the appliance administrative web GUI when the file is imported.

Impact

A remote attacker may, by luring a user into importing a malicious host file, be able to disclose sensitive information, steal user cookies, or escalate privileges.

Solution

We are currently unaware of a practical solution to this problem.

Do not import host file from untrusted sources

Attackers must deliver a malicious host file to, or modify an existing file on, a vulnerable system in order to take advantage of this vulnerability. By only accessing host files, which cannot be modified by unprivileged users, from known and trusted sources the chances of exploitation are reduced.

Vendor Information (Learn More)

Vendor	Status	Date Notified	Date Updated
Hewlett-Packard Company	Affected	02 May 2012	12 Jun 2012

If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group	Score	Vector
Base	1.7	AV:L/AC:L/Au:S/C:N/I:P/A:N
Temporal	1.3	E:U/RL:U/RC:UC
Environmental	0.5	CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

http://www.arcsight.com/products/products-logger/
http://www.arcsight.com/products/products-connectors/

Credit

Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:CVE-2012-2960
Date Public:06 Aug 2012
Date First Published:06 Aug 2012
Date Last Updated:06 Aug 2012
Document Revision:11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/960468

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Hp Arcsight Connector Appliance cpe:2.3:h:hp:arcsight_connector_appliance:c5400:::::::* cpe:2.3:h:hp:arcsight_connector_appliance:c3400:::::::* cpe:2.3:h:hp:arcsight_connector_appliance:c1400:::::::*	3
Hardware	Hp Arcsight Logger Appliance cpe:2.3:h:hp:arcsight_logger_appliance:l7400-san:::::::*	1
Os	Hp Arcsight Connector Appliance Firmware cpe:2.3:o:hp:arcsight_connector_appliance_firmware:6.2.0.6244.0:::::::* cpe:2.3:o:hp:arcsight_connector_appliance_firmware:6.0.0.60023.2:::::::*	2
Os	Hp Arcsight Logger Appliance Firmware cpe:2.3:o:hp:arcsight_logger_appliance_firmware:5.2.0.6288.0:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-02-21	IAVM : 2013-B-0014 - Multiple Vulnerabilities in HP ArcSight Products Severity : Category I - VMSKEY : V0036904

Nessus® Vulnerability Scanner

Date	Description
2013-07-11	Name : A log collection and management system on the remote host has multiple vulner... File : arcsight_logger_5_3_local.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:08:18	Multiple Updates
2013-11-11 12:41:42	Multiple Updates
2013-05-11 00:57:30	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	7
IAVM(s)	1
Nessus® Exploit(s)	1

	Related
6.8	HPSBMU02836 SSR...
4.3	CVE-2012-2960
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)