Date: Sun, 15 Jan 2006 19:12:58 +0100
From: oliver karow <oliver.karow@....de>
To: bugtraq@...urityfocus.com
Subject: Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities


Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities
========================================================================

Product:
========

Apache Geronimo is the J2EE server project of the Apache Software Foundation.

Version:
========

Apache Geronimo 1.0, Jetty 5.1.9 

Vulnerabilities
===============

The first is a classic reflected cross-site scripting issue in the bundled
jsp-examples web application. The time parameter of cal2.jsp is echoed into
the page unescaped; the payload's leading "/> closes the attribute it lands
in, and the script runs in the browser of anyone who follows the link:

http://10.10.10.10:8080/jsp-examples/cal/cal2.jsp?time="/><script>alert('Gotcha')</script>

The second is a persistent (stored) HTML/script injection, which is more
serious than the first:

The admin console's web access log viewer writes log entries into its page
without escaping HTML or script tags, so anything an attacker can get into
the access log is rendered as live markup in the browser of whoever views
the log, i.e. the admin console user.

For example, the request:

http://10.10.10.10:8080/script-that-dont-has-to-exist.jsp?foobar="/><script>alert(document.cookie)</script>

is written to the access log exactly as received (the requested JSP does not
need to exist; the 404 is logged all the same, so any client that can reach
the web container can plant the payload), and the script executes when a
Geronimo administrator opens the web access log viewer. An example attack
steals the administrator's current session ID, which is stored in a cookie,
and with it the administrator's console session.
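To make both issues concrete, here is an added example, written for this page and not code from the advisory or from Geronimo. It models a log viewer that copies access-log fields into an HTML table (the vulnerable form and the escaped form), models the cal2.jsp reflection as a value attribute that receives the parameter (inferred from the payload shape, not taken from Geronimo's source), and includes a small detection scan for markup in logged request lines. The log format (NCSA common log), the client IPs and timestamps, and the table layout are assumptions; the sample log lines are constructed and carry the advisory's payload as an attacker can send it in a raw, unencoded request.

```python
import html
import re

# Constructed sample entries in NCSA common log format, as an access-log viewer
# might read them. The second line carries the advisory's payload exactly as an
# attacker can send it in a raw request (no percent-encoding). IPs, timestamps
# and the log format are assumptions for this example, not Geronimo's real log.
SAMPLE_LOG = [
    '10.10.10.99 - - [15/Jan/2006:19:05:01 +0100] "GET /console/ HTTP/1.1" 200 4123',
    '10.10.10.99 - - [15/Jan/2006:19:05:07 +0100] '
    '"GET /script-that-dont-has-to-exist.jsp?foobar="/><script>alert(document.cookie)</script> HTTP/1.1" 404 982',
]

# Greedy match on the request field: the payload itself contains a double quote,
# so a naive '"([^"]*)"' pattern would fail to parse (or mis-split) that line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_log(lines):
    """Parse log lines into dicts; lines that do not match are kept under 'raw'."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        entries.append(m.groupdict() if m else {"raw": line})
    return entries


def _fields(entry):
    return [entry["raw"]] if "raw" in entry else [entry["ip"], entry["ts"], entry["req"], entry["status"]]


def render_log_vulnerable(lines):
    """What the advisory describes: log fields copied into the HTML table untouched."""
    rows = ["<tr>" + "".join(f"<td>{c}</td>" for c in _fields(e)) + "</tr>" for e in parse_log(lines)]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def render_log_hardened(lines):
    """Same viewer with every field HTML-escaped; quote=True also turns " and ' into entities."""
    rows = [
        "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in _fields(e)) + "</tr>"
        for e in parse_log(lines)
    ]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def render_cal_vulnerable(time_param):
    """Modelled reflected case: the parameter lands inside a value attribute unescaped."""
    return f'<input type="text" name="time" value="{time_param}"/>'


def render_cal_hardened(time_param):
    """Attribute-context fix: escaping the quote keeps the payload inside the attribute."""
    return f'<input type="text" name="time" value="{html.escape(time_param, quote=True)}"/>'


# Detection side: request lines that carry tag-like markup are worth alerting on,
# whether or not the viewer is patched.
TAG_RE = re.compile(r"<\s*/?\s*(script|img|iframe|svg|object|embed|body)\b", re.IGNORECASE)


def find_markup_in_requests(lines):
    """Return the indexes of log lines whose request field contains HTML/script markup."""
    hits = []
    for i, e in enumerate(parse_log(lines)):
        if TAG_RE.search(e.get("req", e.get("raw", ""))):
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(render_log_hardened(SAMPLE_LOG))
    print("suspicious log lines:", find_markup_in_requests(SAMPLE_LOG))
```

The escaping is applied at output time, in the HTML context, rather than by filtering the log on the way in: the log must keep the raw request line for forensic value, and the viewer is the only place where it becomes markup. The reflected case needs `quote=True` specifically, because the payload's leading double quote is what ends the attribute.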

Vendor:
=======

URL: http://geronimo.apache.org
Bug: http://issues.apache.org/jira/browse/GERONIMO-1474
Fix: Upgrade to version 1.0.1 or 1.1

Discovered
==========

Oliver Karow
www.oliverkarow.de/research/geronimo_css.txt
13.01.2005