http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270791,00.htm By Patrick Gray, ZDNet Australia 19 December 2002 Securiteam.com, an online security portal, have found a Cross-Site Scripting (XSS) vulnerability in the cisco.com Web site, according to an advisory. "The vulnerability would allow attackers to cause users to view third-party malicious JavaScript or HTML code as if it were the legitimate content offered by Cisco," the advisory said. XSS vulnerabilities are at their most serious when user logins are involved. They may in some circumstances make it possible for an attacker to "steal" a user’s session information, potentially allowing them to login as the victim user. It is not known if Cisco, which does have a client login function on their Web site, is vulnerable to this extent. "Session theft" attack types are not very easy to carry out, and must be directed at the user of the affected site, not the site itself. The Cisco Web site login function allows users to "…place and manage orders for Cisco networking products and services via the Internet". Logged in customers can also download versions of Cisco’s IOS software not normally available to the public. XSS vulnerabilities have become quite "in vogue" lately, with many security researchers focusing their efforts in detection and elimination of the security problem. The recently held hacking competition, OpenHack IV, dished out US$500 to a single entrant, Jeremy Poteet, who found XSS vulnerabilities in the application being tested, which was engineered by Oracle. Cisco were unable to comment at the time of writing. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 20:08:09 PST