Date: Thu, 05 Apr 2012 11:11:34 +0100
From: Florent Daigniere <>
Subject: [MATTA-2012-001] CVE-2012-1301; 0day;
 Open Proxy vulnerability in Umbraco 4.7

We don't release 0days... except when vendors show no interest in fixing
their bugs.

Have fun.


	Matta Consulting - Matta Advisory

         Umbraco Open Proxy Vulnerability

Advisory ID: MATTA-2012-001
CVE reference: CVE-2012-1301
Affected platforms: Umbraco
Version: 4.x 
Date: 2012-January-26
Security risk: High
Vulnerability: Umbraco bundles a script behaving like an open-proxy
Researcher: Florent Daigniere
Vendor Status: Notified
Vulnerability Disclosure Policy:
Permanent URL:


Vulnerable installations of Umbraco allow unauthenticated users to
 abuse the script FeedProxy.aspx into proxying requests on their
 behalf through the "url" parameter.


Anyone with access to the management interface of Umbraco can abuse
 the FeedProxy script into proxying requests for them.

The impact of such a vulnerability is difficult to measure and depends
 on the specifics of the deployment. Typically, it allows attackers
 to connect to other systems, bypassing controls, or to trick users
 and browsers into performing actions they wouldn't otherwise
 consider (XSS, phishing, ...).

This particular vulnerability can also be abused to create a powerful
 Denial of Service: a single recursive proxy-request will take the
 application server down and, depending on the configuration of the
 server, might severely affect unrelated services.

Versions affected:

Umbraco version 4.7.0 tested.

Threat mitigation

Matta consultants recommend deleting the FeedProxy script or
 upgrading Umbraco to version 5+.


This vulnerability was discovered and researched by Florent Daigniere
 from Matta Consulting.


26-01-12 initial discovery
21-02-12 initial attempt to contact the vendor
24-02-12 second attempt to contact the vendor
27-02-12 third attempt to contact the vendor
27-02-12 response from the vendor \o/
27-02-12 draft of this advisory is sent to the vendor
29-02-12 CVE-2012-1301 is assigned
05-04-12 publication of the advisory

About Matta

Matta is a privately held company with Headquarters in London, and a
 European office in Amsterdam. Established in 2001, Matta operates
 in Europe, Asia, the Middle East and North America using a respected
 team of senior consultants. Matta is an accredited provider of
 Tiger Scheme training, conducts regular research, and is the developer
 behind the webcheck application scanner and the colossus network scanner.

Disclaimer and Copyright

Copyright (c) 2012 Matta Consulting Limited. All rights reserved.
This advisory may be distributed as long as its distribution is
 free-of-charge and proper credit is given.

The information provided in this advisory is provided "as is" without
 warranty of any kind. Matta Consulting disclaims all warranties, either
 express or implied, including the warranties of merchantability and
 fitness for a particular purpose. In no event shall Matta Consulting or
 its suppliers be liable for any damages whatsoever including direct,
 indirect, incidental, consequential, loss of business profits or
 special damages, even if Matta Consulting or its suppliers have been
 advised of the possibility of such damages.
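
To check whether a server was used as a proxy before FeedProxy.aspx was deleted, the following added example (not part of the advisory and not Umbraco code) scans web server access logs for FeedProxy.aspx requests carrying the "url" parameter and labels each proxied target. The log field order, the /example/ path and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed W3C-style field order (constructed; match it to your log's #Fields line).
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status"]

# Constructed sample lines, not from a real server; /example/ is a placeholder path.
SAMPLE_LOG = """\
2012-04-05 10:00:01 198.51.100.7 GET /example/FeedProxy.aspx url=http%3A%2F%2Ffeeds.example.org%2Frss 200
2012-04-05 10:00:09 198.51.100.7 GET /example/feedproxy.aspx URL=http://10.0.0.5/status 200
2012-04-05 10:00:12 203.0.113.9 GET /example/FeedProxy.aspx url=http://www.example.com/example/FeedProxy.aspx%3Furl%3Dx 500
2012-04-05 10:00:20 203.0.113.9 GET /default.aspx - 200
"""

def classify_target(target):
    """Label a proxied URL as nested-proxy, internal or external."""
    if "feedproxy.aspx" in unquote(target).lower():
        return "nested-proxy"  # the proxy was asked to fetch itself
    host = ""
    try:
        host = urlsplit(target).hostname or ""
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname or unparsable URL. Names are not resolved here, so a name
        # that points at an internal address is still labelled external.
        return "internal" if host == "localhost" else "external"
    internal = ip.is_private or ip.is_loopback or ip.is_link_local
    return "internal" if internal else "external"

def find_feedproxy_requests(log_text):
    """Return (client_ip, target_url, label) for each FeedProxy.aspx request with url=."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        if not row["cs-uri-stem"].lower().endswith("/feedproxy.aspx"):
            continue
        # ASP.NET treats query keys case-insensitively, so normalise them.
        query = {k.lower(): v for k, v in parse_qs(row["cs-uri-query"]).items()}
        for target in query.get("url", []):
            hits.append((row["c-ip"], target, classify_target(target)))
    return hits

if __name__ == "__main__":
    for hit in find_feedproxy_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Any hit on a host where the script should no longer exist, and any "internal" or "nested-proxy" label, is worth following up against the client address and response status in the same log line.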

