Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server

From: sullo (sulloat_private)
Date: Tue Oct 01 2002 - 10:29:33 PDT

    It may be worth noting that the 2.0 and 2.1 releases are also
    vulnerable, however 1.0 does not seem to be (getting worse, as 4.x
    introduces a drop-down list of user names to choose from as well). 
    Also, it runs on some systems on port 49400 and https on 2381 (as well
    as the 2301 mentioned below).
    
    As for a "3rd party software tool" flagging all web servers as
    vulnerable, well... I can only answer for Nikto, but yes indeed it will
    report a vulnerable system as vulnerable, as it does with the Compaq
    server. Exploiting for "value" is another discussion entirely, but I do
    get a nice popup by injecting JavaScript.
    
    -Sullo
    
    Taylor Huff wrote:
    > Advisory name: XSS bug in Compaq Insight Manager Http server
    > Application: Compaq Insight Manager Http server
    > Date: 01.10.2002
    > Impact: XSS code execution
    > 
    > [DESCRIPTION]
    > XSS bug in Compaq Insight Manager Http server
    > 
    > [ISSUE]
    > The Compaq Insight Manager Http server is vulnerable to the Cross Site 
    > Scripting (XSS) vulnerability.  This vulnerability is caused by the 
    > results returned to a user when a non-existing file is requested.  The 
    > vulnerability would allow an attacker to make the server present another 
    > user with malicious JavaScript/HTML code that is interpreted and 
    > executed without the user's knowledge (e.g. the result contains the 
    > JavaScript provided in the request).  This vulnerability was identified 
    > with a popular open-source vulnerability assessment tool and confirmed 
    > using the following XSS test.
    > 
    > [XSS TEST]
    > http://<IP>:2301/<script>alert('Test')</script>
    > 
    > [VERSIONS TESTED]
    > CompaqHTTPServer/4.2
    > CompaqHTTPServer/4.37
    > 
    > [SUPPORTING INFO]
    > http://www.cert.org/advisories/CA-2000-02.html
    > 
    > [VENDOR RESPONSE]
    > There is a 3rd party software tool that can be used for security 
    > assessments that flags any web server as potentially having this 
    > problem. Our web servers do not, to our knowledge, have this 
    > vulnerability. We have investigated it but it is a non-issue for us. 
    > This issue is just a 'potential vulnerability' rather than a 'for sure' 
    > problem. In other words, the tool is guessing that all web servers can 
    > have this problem.
    > 
    > Thank You,
    > HP E-Services
    
    
    ___________________________________________________
    http://www.cirt.net/
    Home of Nikto
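
The behaviour disputed in this thread, as an added example that is not part of the original messages and is not Compaq's or Nikto's code: a constructed 404 handler that echoes the requested path, the same handler with output escaping, and a check that separates a live reflection from an escaped or absent one. All function names and the page template are hypothetical; only the probe string comes from the advisory.

```python
import html
from urllib.parse import unquote

# Test string quoted in the advisory's [XSS TEST] section.
PROBE = "<script>alert('Test')</script>"

# Constructed error-page template; the real server's markup is not shown on the page.
TEMPLATE = "<html><body><h1>404 Not Found</h1><p>{path} was not found.</p></body></html>"


def not_found_page_unsafe(raw_path: str) -> str:
    """Echo the decoded request path into the 404 body verbatim (the reported behaviour)."""
    return TEMPLATE.format(path=unquote(raw_path))


def not_found_page_safe(raw_path: str) -> str:
    """Same page, but the path is HTML-escaped before it is placed in the markup."""
    return TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))


def classify(body: str, probe: str = PROBE) -> str:
    """Decide what a returned body proves about the probe.

    'vulnerable'        - probe returned byte-for-byte, so the markup is live
    'reflected-escaped' - probe echoed, but neutralised as text
    'not-reflected'     - probe absent; nothing can be concluded from this response
    """
    if probe in body:
        return "vulnerable"
    if html.escape(probe, quote=True) in body:
        return "reflected-escaped"
    return "not-reflected"


if __name__ == "__main__":
    # Constructed request path: the probe, percent-encoded as a browser would send it.
    requested = "/%3Cscript%3Ealert(%27Test%27)%3C/script%3E"
    for name, handler in (("unsafe", not_found_page_unsafe), ("safe", not_found_page_safe)):
        print(f"{name:6} -> {classify(handler(requested))}")
    print("static -> " + classify(TEMPLATE.format(path="The requested file")))
```

A finding is only confirmed in the first case, which is the distinction between a tool "guessing" and a tool observing the probe returned intact.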
    


