| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030507021440.83528.qmail@web40909.mail.yahoo.com> Date: Tue, 6 May 2003 19:14:40 -0700 (PDT) From: Dave Palumbo <dpalumbo@...oo.com> To: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org Subject: [VulnDiscuss] XSS In Neoteris IVE Allows Session Hijacking --------------------------------------------------------------------------------------------------- -=<sMax. Security Advisory>=- Advisory Title: Cross-Site Scripting (XSS) in Neoteris IVE Allows Session Hijacking Release Date: May 7, 2003 Product: Neoteris Instant Virtual Extranet (IVE), Versions 3.01 and Prior Overall Risk: Medium CVE Candidate: CAN-2003-0217 --------------------------------------------------------------------------------------------------- PRODUCT OVERVIEW: Neoteris Instant Virtual Extranet (IVE) is an appliance-based remote access solution that is accessed via a standard web browser. The Neoteris IVE is one of the more well known "clientless VPN" solutions, and in fact boasts an impressive, growing list of customers (see http://www.neoteris.com for more information). Once authenticated to the remote network via the IVE, a user can theoretically access all internal resources, provided the Neoteris box is configured accordingly. Quoting from the company website, "The Neoteris IVE has always provided a means to remote access with a dramatically lower Total Cost of Ownership vs. traditional methods like VPN or dial. The IVE also enhances security, by eliminating open-ended, network layer connections. The security of the IVE has been verified by a several well-known independent security authorities." VULNERABILITY: A cross-site scripting (XSS) vulnerability exists in Neoteris IVE v3.01 and prior. An argument passed to a CGI script does not properly validate input. It has been confirmed that exploiting this vulnerability can lead to a legitimate user's session being hijacked, bypassing any authentication. SOLUTION: I would like to thank Neoteris for their cooperation in developing a remediation for this vulnerability. A patch has been released for v3.01 and prior. In addition, this issue has been fixed in v3.1. Patch and new version release information is available for customers at https://support.neoteris.com. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0217 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Special thanks to DW (shall I say greetz?) for his invaluable help with these issues. - Dave Palumbo __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
Powered by blists - more mailing lists