ID

VAR-201112-0166


CVE

CVE-2011-2461


TITLE

Adobe Flex SDK Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-003176

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Adobe Flex SDK 4.5.1 and prior versions are affected. Provide your organization, distributed enterprise or managedservice offering with an intuitive, powerful way to rapidly deploy andcentrally manage SonicWall solutions, with SonicWall GMS. Get more valuefrom your firewall, secure remote access, anti-spam, and backup and recoverysolutions with enhanced network security monitoring and robust networksecurity reporting. By deploying GMS in an enterprise, you can minimizeadministrative overhead by streamlining security appliance deploymentand policy management.Dell SonicWALL GMS versions 8.1 and below are compiled witha vulnerable version of Adobe Flex SDK allowing for same-originrequest forgery and cross-site content hijacking.Tested on: SonicWALLMySQL/5.0.96-community-ntApache-Coyote/1.1Apache Tomcat 6.0.41. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Flex Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flex, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to SWF files developed using the framework is not properly sanitised before being returned to the user. SOLUTION: Apply patches (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB11-25): http://www.adobe.com/support/security/bulletins/apsb11-25.html http://kb2.adobe.com/cps/915/cpsid_91544.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This is actually a Flex bug. (CVE-2011-2461) which can lead to Same-Origin Request Forgery and Cross-Site Content Hijacking. Although adobe patched this bug, it is possible to exploit it in fully patched browsers with the latest version of Adobe Flash Player; CVE-2011-2461 is best explained by Mindedsecurity at http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html This also leads to a Flash XSS in some older browsers. an attacker will create a malicious HTML page and embed the vulneable flash. When successfully exploited a Same Origin Request Forgery attack allows a malicious web site to perform arbitrary requests to the vulnerable site, and read its response without restrictions. You can test vulnerable flash files with https://github.com/ikkisoft/ParrotNG/ Vulnerable files: http://[magento_url]/skin/adminhtml/default/default/media/editor.swf http://[magento_url]/skin/adminhtml/default/default/media/Uploader.swf http://[magento_url]/skin/adminhtml/default/default/media/UploaderSingle.swf

Trust: 2.25

sources: NVD: CVE-2011-2461 // JVNDB: JVNDB-2011-003176 // BID: 50869 // ZSL: ZSL-2016-5390 // VULMON: CVE-2011-2461 // PACKETSTORM: 107464 // PACKETSTORM: 131376

AFFECTED PRODUCTS

vendor:adobemodel:flex sdkscope:eqversion:4.5.1

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:4.5

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:4.1

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:4.0

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:3.6

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:3.5

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:3.4

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:3.3

Trust: 1.9

vendor:adobemodel:flex sdkscope:eqversion:3.4.1

Trust: 1.6

vendor:adobemodel:flex sdkscope:eqversion:3.5a

Trust: 1.6

vendor:adobemodel:flex sdkscope:eqversion:3.0.1

Trust: 1.3

vendor:adobemodel:flex sdkscope:eqversion:3.0

Trust: 1.0

vendor:adobemodel:flex sdkscope:eqversion:3.2

Trust: 1.0

vendor:adobemodel:flex sdkscope:eqversion:3.1

Trust: 1.0

vendor:hitachimodel:ucosminexus eur print managerscope:eqversion:- report server

Trust: 0.8

vendor:hitachimodel:hirdb realtime monitorscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/it service level managementscope:eqversion:- manager

Trust: 0.8

vendor:hitachimodel:jp1/it resource managementscope:eqversion:- manager

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:- manager

Trust: 0.8

vendor:adobemodel:flex sdkscope:eqversion:4.6

Trust: 0.8

vendor:hitachimodel:it operations directorscope: - version: -

Trust: 0.8

vendor:hitachimodel:device managerscope:eqversion:software

Trust: 0.8

vendor:adobemodel:flex sdkscope:eqversion:3.x

Trust: 0.8

vendor:adobemodel:flex sdkscope:ltversion:4.x

Trust: 0.8

vendor:hitachimodel:ucosminexus stream data platformscope:eqversion:- application framework

Trust: 0.8

vendor:hitachimodel:tiered storage managerscope:eqversion:software

Trust: 0.8

vendor:hitachimodel:it operations analyzerscope: - version: -

Trust: 0.8

vendor:hpmodel:systems insight managerscope:eqversion:6.3

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0.0.96

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:systems insight manager updatescope:eqversion:5.31

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:5.1

Trust: 0.3

vendor:hpmodel:systems insight manager sp6scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp5scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp3scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:4.2

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:4.2

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:4.2

Trust: 0.3

vendor:adobemodel:flex sdkscope:eqversion:3.0.2

Trust: 0.3

vendor:adobemodel:flash builderscope:eqversion:4.5

Trust: 0.3

vendor:hpmodel:systems insight managerscope:neversion:7.0

Trust: 0.3

vendor:adobemodel:flash builderscope:neversion:4.6

Trust: 0.3

vendor:dellmodel:sonicwall global management systemscope:eqversion:8.1

Trust: 0.1

vendor:dellmodel:sonicwall global management systemscope:eqversion:8.0 sp1 build 8048.1410

Trust: 0.1

vendor:dellmodel:sonicwall global management systemscope:eqversion:flow server virtual appliance

Trust: 0.1

sources: ZSL: ZSL-2016-5390 // BID: 50869 // JVNDB: JVNDB-2011-003176 // CNNVD: CNNVD-201111-525 // NVD: CVE-2011-2461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2461
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-2461
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201111-525
value: MEDIUM

Trust: 0.6

ZSL: ZSL-2016-5390
value: (3/5)

Trust: 0.1

VULMON: CVE-2011-2461
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2461
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: ZSL: ZSL-2016-5390 // VULMON: CVE-2011-2461 // JVNDB: JVNDB-2011-003176 // CNNVD: CNNVD-201111-525 // NVD: CVE-2011-2461

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-003176 // NVD: CVE-2011-2461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-525

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 107464 // CNNVD: CNNVD-201111-525

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003176

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2016-5390

PATCH

title:APSB11-25url:http://www.adobe.com/support/security/bulletins/apsb11-25.html

Trust: 0.8

title:APSB11-25url:http://www.adobe.com/jp/support/security/bulletins/apsb11-25.html

Trust: 0.8

title:HS12-004url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-004/index.html

Trust: 0.8

title:HS12-005url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html

Trust: 0.8

title:HS12-006url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-006/index.html

Trust: 0.8

title:HS12-008url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-008/index.html

Trust: 0.8

title:HS12-001url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html

Trust: 0.8

title:HPSBMU02769 SSRT100846url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151

Trust: 0.8

title:HS12-008url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-008/index.html

Trust: 0.8

title:HS12-001url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-001/index.html

Trust: 0.8

title:HS12-004url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-004/index.html

Trust: 0.8

title:HS12-005url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html

Trust: 0.8

title:HS12-006url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-006/index.html

Trust: 0.8

title:flex_sdk_4.6url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41913

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2015/03/24/borked_adobe_flash_files_expose_worlds_most_popular_sites/

Trust: 0.2

title:BurpExtensionsurl:https://github.com/alexlauerman/BurpExtensions

Trust: 0.1

title:top-burpsuite-plugins-extensionsurl:https://github.com/Elsfa7-110/top-burpsuite-plugins-extensions

Trust: 0.1

title:CrossSiteContentHijackingurl:https://github.com/nccgroup/CrossSiteContentHijacking

Trust: 0.1

title:magento-swf-patched-CVE-2011-2461url:https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461

Trust: 0.1

title:bappstore_listurl:https://github.com/awc/bappstore_list

Trust: 0.1

title:ParrotNGurl:https://github.com/ikkisoft/ParrotNG

Trust: 0.1

title:BURPurl:https://github.com/marz-hunter/BURP

Trust: 0.1

title:awesome-burp-extensionsurl:https://github.com/snoopysecurity/awesome-burp-extensions

Trust: 0.1

title:CVE-2011-2461_Magento_Patchurl:https://github.com/edmondscommerce/CVE-2011-2461_Magento_Patch

Trust: 0.1

title:awesome-burp-extensionsurl:https://github.com/noname1007/awesome-burp-extensions

Trust: 0.1

title:Security-Research-Tutorialsurl:https://github.com/danieldizzy/Security-Research-Tutorials

Trust: 0.1

title:webapp-techurl:https://github.com/cranelab/webapp-tech

Trust: 0.1

sources: VULMON: CVE-2011-2461 // JVNDB: JVNDB-2011-003176 // CNNVD: CNNVD-201111-525

EXTERNAL IDS

db:NVDid:CVE-2011-2461

Trust: 3.0

db:SECUNIAid:47053

Trust: 1.8

db:PACKETSTORMid:131376

Trust: 1.2

db:BIDid:50869

Trust: 1.0

db:JVNDBid:JVNDB-2011-003176

Trust: 0.8

db:NSFOCUSid:18262

Trust: 0.6

db:CNNVDid:CNNVD-201111-525

Trust: 0.6

db:PACKETSTORMid:140302

Trust: 0.1

db:CXSECURITYid:WLB-2016120167

Trust: 0.1

db:ZSLid:ZSL-2016-5390

Trust: 0.1

db:VULMONid:CVE-2011-2461

Trust: 0.1

db:PACKETSTORMid:107464

Trust: 0.1

sources: ZSL: ZSL-2016-5390 // VULMON: CVE-2011-2461 // BID: 50869 // JVNDB: JVNDB-2011-003176 // PACKETSTORM: 107464 // PACKETSTORM: 131376 // CNNVD: CNNVD-201111-525 // NVD: CVE-2011-2461

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb11-25.html

Trust: 2.2

url:http://kb2.adobe.com/cps/915/cpsid_91544.html

Trust: 1.8

url:http://secunia.com/advisories/47053

Trust: 1.7

url:http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Trust: 1.2

url:http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Trust: 1.2

url:http://packetstormsecurity.com/files/131376/magento-ecommerce-vulnerable-adobe-flex-sdk.html

Trust: 1.1

url:https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2461

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2461

Trust: 0.8

url:http://www.securityfocus.com/bid/50869

Trust: 0.7

url:http://www.nsfocus.net/vulndb/18262

Trust: 0.6

url:http://opensource.adobe.com/wiki/display/flexsdk/flex+sdk

Trust: 0.3

url:https://support.sonicwall.com/product-notification/215257?productname=sonicwall%20gms

Trust: 0.1

url:https://github.com/ikkisoft/parrotng

Trust: 0.1

url:https://packetstormsecurity.com/files/140302

Trust: 0.1

url:https://cxsecurity.com/issue/wlb-2016120167

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/120215

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://github.com/alexlauerman/burpextensions

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47053

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/47053/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/47053/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2461

Trust: 0.1

url:http://[magento_url]/skin/adminhtml/default/default/media/uploader.swf

Trust: 0.1

url:https://github.com/ikkisoft/parrotng/

Trust: 0.1

url:http://[magento_url]/skin/adminhtml/default/default/media/editor.swf

Trust: 0.1

url:http://[magento_url]/skin/adminhtml/default/default/media/uploadersingle.swf

Trust: 0.1

sources: ZSL: ZSL-2016-5390 // VULMON: CVE-2011-2461 // BID: 50869 // JVNDB: JVNDB-2011-003176 // PACKETSTORM: 107464 // PACKETSTORM: 131376 // CNNVD: CNNVD-201111-525 // NVD: CVE-2011-2461

CREDITS

Adobe

Trust: 0.9

sources: BID: 50869 // CNNVD: CNNVD-201111-525

SOURCES

db:ZSLid:ZSL-2016-5390
db:VULMONid:CVE-2011-2461
db:BIDid:50869
db:JVNDBid:JVNDB-2011-003176
db:PACKETSTORMid:107464
db:PACKETSTORMid:131376
db:CNNVDid:CNNVD-201111-525
db:NVDid:CVE-2011-2461

LAST UPDATE DATE

2024-08-14T15:24:57.221000+00:00


SOURCES UPDATE DATE

db:ZSLid:ZSL-2016-5390date:2017-01-29T00:00:00
db:VULMONid:CVE-2011-2461date:2017-11-09T00:00:00
db:BIDid:50869date:2012-05-01T17:21:00
db:JVNDBid:JVNDB-2011-003176date:2013-03-27T00:00:00
db:CNNVDid:CNNVD-201111-525date:2011-12-02T00:00:00
db:NVDid:CVE-2011-2461date:2017-11-09T02:29:00.277

SOURCES RELEASE DATE

db:ZSLid:ZSL-2016-5390date:2016-12-29T00:00:00
db:VULMONid:CVE-2011-2461date:2011-12-01T00:00:00
db:BIDid:50869date:2011-11-30T00:00:00
db:JVNDBid:JVNDB-2011-003176date:2011-12-02T00:00:00
db:PACKETSTORMid:107464date:2011-12-01T09:03:32
db:PACKETSTORMid:131376date:2015-04-10T21:52:38
db:CNNVDid:CNNVD-201111-525date:1900-01-01T00:00:00
db:NVDid:CVE-2011-2461date:2011-12-01T11:55:06.410