Verity Search97 Search Engine Input Validation Flaw Lets Remote Users Conduct Cross-site Scripting Attacks Against Users of Web Sites Running Search97
|
|
SecurityTracker Alert ID: 1004617 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 24 2002
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in Verity's 'Search97' CGI search engine. A remote user can conduct cross-site scripting attacks against web site users.
CERT reported that 'Search97' contains a cross-site scripting vulnerability in the processing of search requests.
The flaw exists
in both the Microsoft Window's and UNIX versions and appears to reside in the error pages returned from templates and actions that
use either vformat() or vfilter(), according to CERT.
A remote user can create a specially crafted search request URL that, when
loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will appear
to originate from the site running the Search97 search engine and will run in the security context of that site. As a result, the
code will be able to access the target user's cookies associated with that site (if any), as well as information submitted to that
site. The code could also take actions on that site acting as the target user.
CERT credits Point Blank Security with reporting
this flaw. For more information, see:
http://www.pointblanksecurity.com/css/
|
Impact: A remote user that can get a target user to load a specific URL may be able to access the target user's cookies associated with the
site running Search97 (if any), access information submitted by the target user to that site, or take actions on that site acting
as the target user.
|
Solution: CERT notes that the vendor has released a patch (IS37patch18_nti40.zip), available to customers at:
https://customers.verity.com
|
Vendor URL: www.verity.com/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 21 Jun 2002 17:25:39 -0400
Subject: VU#636431 Verity Search97
|
CERT issued a Vulnerability Note VU#636431
CERT reported that Verity's 'Search97' CGI search engine contains a
cross-site scripting vulnerability in the processing of search requests.
The flaw exists in both the Microsoft Window's and UNIX versions and
appears to reside in the error pages returned from templates and actions
that use either vformat() or vfilter(), according to CERT.
A remote user can create a specially crafted search request URL that,
when loaded by a target user, will cause arbitrary scripting code to be
executed by the target user's browser. The code will appear to
originate from the site running the Search97 search engine and will run
in the security context of that site. As a result, the code will be
able to access the target user's cookies associated with that site (if
any), as well as information submitted to that site. The code could
also take actions on that site acting as the target user.
CERT notes that the vendor has released a patch (IS37patch18_nti40.zip),
available to customers at:
https://customers.verity.com
CERT credits Point Blank Security with reporting this flaw. For more
information, see:
http://www.pointblanksecurity.com/css/
|
|
