SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Web Server/CGI)  >  DeleGate
Vendors:  Delegate.org
DeleGate Proxy Server Allows Cross-Site Scripting Attacks
Date:  Dec 28 2001
Impact:  Disclosure of user information, Execution of arbitrary code via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Secure Net Service (LAC)
Version(s): 7.7.0, 7.7.1; possibly earlier versions
Description:  SecureNet Service reported a vulnerability in the DeleGate proxy server. A remote user can conduct a cross-site scripting attack.

DeleGate reportedly fails to filter user-supplied input and displays user-supplied HTML, allowing a remote user to conduct a cross-site scripting attack. This apparently occurs under the following conditions:

1) When a "403 Forbidden" error message is generated

2) When an administrator-configured error message is displayed (using the MOUNT option)

The following type of URL can be used to trigger the vulnerability:

http://IP_Address_of_DeleGate/<script>alert("aaa");</script>

Impact:  A remote user can create a URL that, when loaded by another user (the victim), will cause arbitrary JavaScript code to be executed in the security domain of the DeleGate server. This code will appear to originate from the DeleGate server and will be able to access the victim user's cookies and other information associated with the DeleGate server.
Solution:  The vendor has issued a fix. Upgrade to DeleGate/7.8.0, available at:

http://www.delegate.org/delegate/

Vendor URL:  www.delegate.org/delegate/
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
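The flaw described above is an error page that echoes the requested path into HTML without escaping it. The following added example (not DeleGate's code, and not from the advisory) contrasts that pattern with the escaped form, and adds a small log check a defender can run to find 4xx requests whose decoded path carries markup; the log lines and the page templates are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

def render_forbidden_vulnerable(path: str) -> str:
    """Error page that echoes the decoded request path unescaped (the pattern the advisory describes)."""
    return f"<html><body><h1>403 Forbidden</h1><p>{unquote(path)}</p></body></html>"

def render_forbidden_fixed(path: str) -> str:
    """Same page, but the decoded path is HTML-escaped before it is placed in the document."""
    return f"<html><body><h1>403 Forbidden</h1><p>{html.escape(unquote(path), quote=True)}</p></body></html>"

def injected_script(body: str) -> bool:
    """True if a <script ...> tag appears in the rendered page; an error page should never contain one."""
    return re.search(r"<script\b", body, re.IGNORECASE) is not None

# Constructed access-log lines in common log format (hypothetical clients and paths).
# The second line is the percent-encoded form a browser actually puts on the wire.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Dec/2001:08:35:55 -0500] "GET /index.html HTTP/1.0" 200 512
10.0.0.7 - - [28/Dec/2001:08:36:01 -0500] "GET /%3Cscript%3Ealert(%22aaa%22)%3B%3C/script%3E HTTP/1.0" 403 311
10.0.0.7 - - [28/Dec/2001:08:36:09 -0500] "GET /secret/ HTTP/1.0" 403 311
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_error_requests(log_text: str) -> list:
    """Return (client, decoded path) for 4xx responses whose decoded path contains HTML markup.

    The advisory's conditions are error pages, so markup reflected into a 4xx response is the
    case worth reviewing. The path is percent-decoded first so encoded angle brackets are seen.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        decoded = unquote(path)
        if status.startswith("4") and ("<" in decoded or ">" in decoded):
            hits.append((client, decoded))
    return hits
```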

Message History:   None.


 Source Message Contents

Date:  Fri, 28 Dec 2001 08:35:55 -0500
Subject:  DeleGate Cross Site Scripting Vulnerability

 

SNS Advisory No.47
DeleGate Cross Site Scripting Vulnerability

Problem first discovered: Wed, 26 Dec 2001
Published: Fri, 28 Oct 2001



Overview:

DeleGate, a multifunctional proxy server program, contains a
cross-site scripting vulnerability.

Problem Description: 

DeleGate, a multifunctional proxy server program, is prone to a cross-site
scripting vulnerability under the following specific conditions:

* When there is a URL that displays the error message "403 Forbidden"

* When the administrator displays his/her own configured error message
using the MOUNT option

A configuration that meets these conditions will result in automatic
execution of JavaScript code in the Web user's browser if the attacker
creates the following link and the user clicks it:

     http://IP_Address_of_DeleGate/<script>alert("aaa");</script>

Tested Versions:

DeleGate/7.7.1
DeleGate/7.7.0 

Solution:

This problem can be eliminated by upgrading to DeleGate/7.8.0, which is
available at the following URL:

     http://www.delegate.org/delegate/

Discovered by:

Satoshi ISHIZUKA (LAC) 
Keigo YAMAZAKI (LAC) 

Disclaimer:

All information in these advisories is subject to change without advance
notice or mutual consensus, and each advisory is released as is. LAC
Co., Ltd. is not responsible for any risks or occurrences caused by
applying this information.


 


Copyright 2002, SecurityGlobal.net LLC