ID

VAR-201111-0268


CVE

CVE-2011-4273


TITLE

GoAhead Webserver multiple stored XSS vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#384427

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. GoAhead Webserver contains multiple cross-site scripting vulnerabilities. GoAhead Webserver for, POST There is a problem with request processing and multiple cross-site scripting vulnerabilities exist.Arbitrary scripts may be executed on the user's web browser. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. GoAhead WebServer 2.18 is vulnerable; other versions may also be affected. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GoAhead WebServer Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks. 1) Input passed via the "group" POST parameter to goform/AddGroup (when "ok" is set to "OK") when adding a group is not properly sanitised before being used. 2) Input passed via the "url" POST parameter to goform/AddAccessLimit (when "ok" is set to "OK") when adding an access limit is not properly sanitised before being used. 3) Input passed via the "user" POST parameter to goform/AddUser (when "ok" is set to "OK") when adding a user is not properly sanitised before being used. The vulnerabilities are confirmed in version 2.1.8. SOLUTION: Update to version 2.5. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Silent Dream ORIGINAL ADVISORY: http://www.kb.cert.org/vuls/id/384427 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2011-4273 // CERT/CC: VU#384427 // JVNDB: JVNDB-2011-002375 // BID: 50039 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // PACKETSTORM: 107121

AFFECTED PRODUCTS

vendor:goaheadmodel:webserverscope:eqversion:2.1.8

Trust: 1.6

vendor:goaheadmodel: - scope: - version: -

Trust: 0.8

vendor:goaheadmodel:webserverscope:eqversion: -

Trust: 0.8

vendor:goaheadmodel:webserverscope:eqversion:2.18

Trust: 0.8

vendor:goaheadmodel:webserverscope: - version: -

Trust: 0.8

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.18

Trust: 0.3

sources: CERT/CC: VU#384427 // BID: 50039 // JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4273
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#384427
value: 0.49

Trust: 0.8

NVD: CVE-2011-4273
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201111-126
value: MEDIUM

Trust: 0.6

VULHUB: VHN-52218
value: MEDIUM

Trust: 0.1

VULMON: CVE-2011-4273
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4273
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-52218
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#384427 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-52218 // JVNDB: JVNDB-2011-002375 // NVD: CVE-2011-4273

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201110-169 // CNNVD: CNNVD-201111-126

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201110-169

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52218 // VULMON: CVE-2011-4273

PATCH

title:Webserver - GoAhead Softwareurl:http://www.dlink.com/products/?pid=DIR-685

Trust: 0.8

title:GoAhead Webserver Fixes for multiple cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206237

Trust: 0.6

sources: JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126

EXTERNAL IDS

db:NVDid:CVE-2011-4273

Trust: 3.7

db:CERT/CCid:VU#384427

Trust: 3.2

db:SECUNIAid:46894

Trust: 1.4

db:BIDid:50039

Trust: 1.1

db:JVNid:JVNVU95860308

Trust: 0.8

db:ICS CERTid:ICSA-22-242-03

Trust: 0.8

db:JVNDBid:JVNDB-2011-002375

Trust: 0.8

db:CNNVDid:CNNVD-201111-126

Trust: 0.7

db:CNNVDid:CNNVD-201110-169

Trust: 0.6

db:AUSCERTid:ESB-2022.4288

Trust: 0.6

db:EXPLOIT-DBid:36218

Trust: 0.2

db:EXPLOIT-DBid:36217

Trust: 0.1

db:EXPLOIT-DBid:36219

Trust: 0.1

db:VULHUBid:VHN-52218

Trust: 0.1

db:VULMONid:CVE-2011-4273

Trust: 0.1

db:PACKETSTORMid:107121

Trust: 0.1

sources: CERT/CC: VU#384427 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // BID: 50039 // JVNDB: JVNDB-2011-002375 // PACKETSTORM: 107121 // CNNVD: CNNVD-201110-169 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

REFERENCES

url:http://www.kb.cert.org/vuls/id/384427

Trust: 2.4

url:http://secunia.com/advisories/46894

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/70434

Trust: 1.2

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://jvn.jp/cert/jvnvu384427

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95860308/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4273

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-03

Trust: 0.8

url:http://www.securityfocus.com/bid/50039

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.4288

Trust: 0.6

url:http://www.goahead.com/webserver/webserver.htm

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/36218/

Trust: 0.1

url:http://secunia.com/advisories/46894/

Trust: 0.1

url:http://secunia.com/advisories/46894/#comments

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46894

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

sources: CERT/CC: VU#384427 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // BID: 50039 // JVNDB: JVNDB-2011-002375 // PACKETSTORM: 107121 // CNNVD: CNNVD-201110-169 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

CREDITS

Silent Dream

Trust: 0.9

sources: BID: 50039 // CNNVD: CNNVD-201110-169

SOURCES

db:CERT/CCid:VU#384427
db:VULHUBid:VHN-52218
db:VULMONid:CVE-2011-4273
db:BIDid:50039
db:JVNDBid:JVNDB-2011-002375
db:PACKETSTORMid:107121
db:CNNVDid:CNNVD-201110-169
db:CNNVDid:CNNVD-201111-126
db:NVDid:CVE-2011-4273

LAST UPDATE DATE

2024-08-14T12:19:36.680000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#384427date:2011-10-10T00:00:00
db:VULHUBid:VHN-52218date:2017-08-29T00:00:00
db:VULMONid:CVE-2011-4273date:2017-08-29T00:00:00
db:BIDid:50039date:2011-11-04T17:23:00
db:JVNDBid:JVNDB-2011-002375date:2022-09-01T07:05:00
db:CNNVDid:CNNVD-201110-169date:2011-10-12T00:00:00
db:CNNVDid:CNNVD-201111-126date:2022-09-01T00:00:00
db:NVDid:CVE-2011-4273date:2017-08-29T01:30:28.647

SOURCES RELEASE DATE

db:CERT/CCid:VU#384427date:2011-10-10T00:00:00
db:VULHUBid:VHN-52218date:2011-11-03T00:00:00
db:VULMONid:CVE-2011-4273date:2011-11-03T00:00:00
db:BIDid:50039date:2011-10-10T00:00:00
db:JVNDBid:JVNDB-2011-002375date:2011-10-17T00:00:00
db:PACKETSTORMid:107121date:2011-11-18T12:31:52
db:CNNVDid:CNNVD-201110-169date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201111-126date:2011-11-04T00:00:00
db:NVDid:CVE-2011-4273date:2011-11-03T10:55:08.937