Details of VAR-201111-0268

ID

VAR-201111-0268

CVE

CVE-2011-4273

TITLE

GoAhead Webserver multiple stored XSS vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#384427

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. GoAhead Webserver contains multiple cross-site scripting vulnerabilities. GoAhead Webserver for, POST There is a problem with request processing and multiple cross-site scripting vulnerabilities exist.Arbitrary scripts may be executed on the user's web browser. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. GoAhead WebServer 2.18 is vulnerable; other versions may also be affected. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GoAhead WebServer Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks. 1) Input passed via the "group" POST parameter to goform/AddGroup (when "ok" is set to "OK") when adding a group is not properly sanitised before being used. 2) Input passed via the "url" POST parameter to goform/AddAccessLimit (when "ok" is set to "OK") when adding an access limit is not properly sanitised before being used. 3) Input passed via the "user" POST parameter to goform/AddUser (when "ok" is set to "OK") when adding a user is not properly sanitised before being used. The vulnerabilities are confirmed in version 2.1.8. SOLUTION: Update to version 2.5. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Silent Dream ORIGINAL ADVISORY: http://www.kb.cert.org/vuls/id/384427 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2011-4273 // CERT/CC: VU#384427 // JVNDB: JVNDB-2011-002375 // BID: 50039 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // PACKETSTORM: 107121

AFFECTED PRODUCTS

vendor:	goahead	model:	webserver	scope:	eq	version:	2.1.8	Trust: 1.6
vendor:	goahead	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	goahead	model:	webserver	scope:	eq	version:	-	Trust: 0.8
vendor:	goahead	model:	webserver	scope:	eq	version:	2.18	Trust: 0.8
vendor:	goahead	model:	webserver	scope:	-	version:	-	Trust: 0.8
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.18	Trust: 0.3

sources: CERT/CC: VU#384427 // BID: 50039 // JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4273
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#384427
value:	0.49
Trust: 0.8
NVD:	CVE-2011-4273
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201111-126
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-52218
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-4273
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4273
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-52218
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#384427 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-52218 // JVNDB: JVNDB-2011-002375 // NVD: CVE-2011-4273

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201110-169 // CNNVD: CNNVD-201111-126

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201110-169

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52218 // VULMON: CVE-2011-4273

PATCH

title:	Webserver - GoAhead Software	url:	http://www.dlink.com/products/?pid=DIR-685	Trust: 0.8
title:	GoAhead Webserver Fixes for multiple cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206237	Trust: 0.6

sources: JVNDB: JVNDB-2011-002375 // CNNVD: CNNVD-201111-126

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4273	Trust: 3.7
db:	CERT/CC	id:	VU#384427	Trust: 3.2
db:	SECUNIA	id:	46894	Trust: 1.4
db:	BID	id:	50039	Trust: 1.1
db:	JVN	id:	JVNVU95860308	Trust: 0.8
db:	ICS CERT	id:	ICSA-22-242-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-002375	Trust: 0.8
db:	CNNVD	id:	CNNVD-201111-126	Trust: 0.7
db:	CNNVD	id:	CNNVD-201110-169	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4288	Trust: 0.6
db:	EXPLOIT-DB	id:	36218	Trust: 0.2
db:	EXPLOIT-DB	id:	36217	Trust: 0.1
db:	EXPLOIT-DB	id:	36219	Trust: 0.1
db:	VULHUB	id:	VHN-52218	Trust: 0.1
db:	VULMON	id:	CVE-2011-4273	Trust: 0.1
db:	PACKETSTORM	id:	107121	Trust: 0.1

sources: CERT/CC: VU#384427 // VULHUB: VHN-52218 // VULMON: CVE-2011-4273 // BID: 50039 // JVNDB: JVNDB-2011-002375 // PACKETSTORM: 107121 // CNNVD: CNNVD-201110-169 // CNNVD: CNNVD-201111-126 // NVD: CVE-2011-4273

REFERENCES

url:	http://www.kb.cert.org/vuls/id/384427	Trust: 2.4
url:	http://secunia.com/advisories/46894	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/70434	Trust: 1.2
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu384427	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu95860308/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4273	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-03	Trust: 0.8
url:	http://www.securityfocus.com/bid/50039	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.4288	Trust: 0.6
url:	http://www.goahead.com/webserver/webserver.htm	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/36218/	Trust: 0.1
url:	http://secunia.com/advisories/46894/	Trust: 0.1
url:	http://secunia.com/advisories/46894/#comments	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=46894	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1

CREDITS

Silent Dream

Trust: 0.9

sources: BID: 50039 // CNNVD: CNNVD-201110-169

SOURCES

db:	CERT/CC	id:	VU#384427
db:	VULHUB	id:	VHN-52218
db:	VULMON	id:	CVE-2011-4273
db:	BID	id:	50039
db:	JVNDB	id:	JVNDB-2011-002375
db:	PACKETSTORM	id:	107121
db:	CNNVD	id:	CNNVD-201110-169
db:	CNNVD	id:	CNNVD-201111-126
db:	NVD	id:	CVE-2011-4273

LAST UPDATE DATE

2024-08-14T12:19:36.680000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#384427	date:	2011-10-10T00:00:00
db:	VULHUB	id:	VHN-52218	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2011-4273	date:	2017-08-29T00:00:00
db:	BID	id:	50039	date:	2011-11-04T17:23:00
db:	JVNDB	id:	JVNDB-2011-002375	date:	2022-09-01T07:05:00
db:	CNNVD	id:	CNNVD-201110-169	date:	2011-10-12T00:00:00
db:	CNNVD	id:	CNNVD-201111-126	date:	2022-09-01T00:00:00
db:	NVD	id:	CVE-2011-4273	date:	2017-08-29T01:30:28.647

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#384427	date:	2011-10-10T00:00:00
db:	VULHUB	id:	VHN-52218	date:	2011-11-03T00:00:00
db:	VULMON	id:	CVE-2011-4273	date:	2011-11-03T00:00:00
db:	BID	id:	50039	date:	2011-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2011-002375	date:	2011-10-17T00:00:00
db:	PACKETSTORM	id:	107121	date:	2011-11-18T12:31:52
db:	CNNVD	id:	CNNVD-201110-169	date:	1900-01-01T00:00:00
db:	CNNVD	id:	CNNVD-201111-126	date:	2011-11-04T00:00:00
db:	NVD	id:	CVE-2011-4273	date:	2011-11-03T10:55:08.937