ID

VAR-201207-0071


CVE

CVE-2012-3238


TITLE

Astaro Security Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-003034

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Astaro Security Gateway 8.304 is vulnerable; other versions may also be affected.

Inshell Security Advisory
http://www.inshell.net/

1. CREDITS
----------
This vulnerability was discovered and researched by Julien Ahrens from Inshell Security.

3.

4.

The vulnerability is located in the backup-function of the software:

Vulnerable Module(s):
+Management -> Backup/Restore

Parameter: "Comment (optional)"

The input field "Comment (optional)" is shown on the "Available backups" view after successful creation of a new backup and is also included into the backup-file itself. Due to improper input-validation of this input field, an attacker could permanently inject arbitrary code with required user interaction into the context of the firewall-interface. Successful exploitation of the vulnerability allows for example cookie theft, session hijacking or server side context manipulation.

5. PROOF-OF-CONCEPT (CODE / EXPLOIT)
------------------------------------
An attacker needs to force the victim to import an arbitrary backup-file. The victim does not need to apply the backup, only the import is required to exploit the vulnerability.

For further information (screenshots, PoCs etc.) visit: http://security.inshell.net/advisory/27

6. SOLUTION
-----------
Update to v8.305.

7. REPORT TIMELINE
------------------
2012-05-12: Initial notification sent to vendor
2012-05-12: Vendor response
2012-05-12: Vulnerability details reported to vendor
2012-05-15: Vendor acknowledgement
2012-05-31: Vendor releases Update / Fix
2012-06-10: Coordinated public release of advisory

8. REFERENCES
-------------
http://www.astaro.com/en-uk/blog/up2date/8305
http://security.inshell.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.07

sources: NVD: CVE-2012-3238 // JVNDB: JVNDB-2012-003034 // BID: 53939 // VULHUB: VHN-56519 // PACKETSTORM: 113501

AFFECTED PRODUCTS

vendor: sophos, model: unified threat management software, scope: lte, version: 8.3

Trust: 1.0

vendor: astaro, model: security gateway, scope: eq, version: *

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 425

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 220

Trust: 1.0

vendor: astaro, model: security gateway software, scope: lte, version: 8.3

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 525

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 625

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 120

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 320

Trust: 1.0

vendor: sophos, model: unified threat management, scope: eq, version: 110

Trust: 1.0

vendor: astaro, model: security gateway, scope: lt, version: -

Trust: 0.8

vendor: astaro, model: security gateway software, scope: lt, version: 8.305

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 110

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 120

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 220

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 320

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 425

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 525

Trust: 0.8

vendor: sophos, model: utm, scope: eq, version: 625

Trust: 0.8

vendor: sophos, model: utm software, scope: lt, version: 8.305

Trust: 0.8

vendor: sophos, model: unified threat management software, scope: eq, version: 8.3

Trust: 0.6

vendor: astaro, model: security gateway, scope: eq, version: 8.304

Trust: 0.3

vendor: astaro, model: security gateway, scope: eq, version: 8.300

Trust: 0.3

vendor: astaro, model: security gateway, scope: eq, version: 8.1

Trust: 0.3

vendor: astaro, model: security gateway, scope: ne, version: 8.305

Trust: 0.3

sources: BID: 53939 // JVNDB: JVNDB-2012-003034 // CNNVD: CNNVD-201206-302 // NVD: CVE-2012-3238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3238
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3238
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201206-302
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56519
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3238
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56519
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56519 // JVNDB: JVNDB-2012-003034 // CNNVD: CNNVD-201206-302 // NVD: CVE-2012-3238

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-56519 // JVNDB: JVNDB-2012-003034 // NVD: CVE-2012-3238

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201206-302

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 113501 // CNNVD: CNNVD-201206-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003034

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-56519

PATCH

title: Up2Date 8.305 Released, url: http://www.astaro.com/en-uk/blog/up2date/8305

Trust: 0.8

title: Sophos UTM, url: http://www.sophos.com/ja-jp/products/unified/utm.aspx

Trust: 0.8

title: Top Page, url: http://www.sophos.com/ja-jp/

Trust: 0.8

sources: JVNDB: JVNDB-2012-003034

EXTERNAL IDS

db: NVD, id: CVE-2012-3238

Trust: 2.9

db: BID, id: 53939

Trust: 1.0

db: JVNDB, id: JVNDB-2012-003034

Trust: 0.8

db: CNNVD, id: CNNVD-201206-302

Trust: 0.7

db: FULLDISC, id: 20120610 [CVE-2012-3238] ASTARO SECURITY GATEWAY <= V8.304 PERSISTENT CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: PACKETSTORM, id: 113501

Trust: 0.2

db: VULHUB, id: VHN-56519

Trust: 0.1

sources: VULHUB: VHN-56519 // BID: 53939 // JVNDB: JVNDB-2012-003034 // PACKETSTORM: 113501 // CNNVD: CNNVD-201206-302 // NVD: CVE-2012-3238

REFERENCES

url:http://www.astaro.com/en-uk/blog/up2date/8305

Trust: 2.1

url:http://security.inshell.net/advisory/27

Trust: 2.1

url:http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3238

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3238

Trust: 0.8

url:http://www.securityfocus.com/bid/53939

Trust: 0.6

url:http://www.astaro.com/

Trust: 0.3

url:/archive/1/523075

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-3238

Trust: 0.1

url:http://security.inshell.net

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://www.sophos.com

Trust: 0.1

url:http://www.inshell.net/

Trust: 0.1

sources: VULHUB: VHN-56519 // BID: 53939 // JVNDB: JVNDB-2012-003034 // PACKETSTORM: 113501 // CNNVD: CNNVD-201206-302 // NVD: CVE-2012-3238

CREDITS

Julien Ahrens (MrTuxracer)

Trust: 0.9

sources: BID: 53939 // CNNVD: CNNVD-201206-302

SOURCES

db: VULHUB, id: VHN-56519
db: BID, id: 53939
db: JVNDB, id: JVNDB-2012-003034
db: PACKETSTORM, id: 113501
db: CNNVD, id: CNNVD-201206-302
db: NVD, id: CVE-2012-3238

LAST UPDATE DATE

2024-11-23T22:46:17.386000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-56519, date: 2012-07-10T00:00:00
db: BID, id: 53939, date: 2012-06-12T00:00:00
db: JVNDB, id: JVNDB-2012-003034, date: 2012-07-11T00:00:00
db: CNNVD, id: CNNVD-201206-302, date: 2012-06-19T00:00:00
db: NVD, id: CVE-2012-3238, date: 2024-11-21T01:40:29.847

SOURCES RELEASE DATE

db: VULHUB, id: VHN-56519, date: 2012-07-09T00:00:00
db: BID, id: 53939, date: 2012-06-12T00:00:00
db: JVNDB, id: JVNDB-2012-003034, date: 2012-07-11T00:00:00
db: PACKETSTORM, id: 113501, date: 2012-06-12T00:02:00
db: CNNVD, id: CNNVD-201206-302, date: 2012-06-19T00:00:00
db: NVD, id: CVE-2012-3238, date: 2012-07-09T22:55:01.197