Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(Product is Not Vulnerable) Verity K2 Enterprise Search Feature Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1006387 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Mar 28 2003
|
Original Entry Date: Mar 26 2003
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Exploit Included: Yes
|
Description: An input validation vulnerability was reported in the Verity K2 Enterprise search feature. A remote user can conduct cross-site scripting attacks if the customer has not correctly implemented the system.
[Editor's note: After the original alert was issued, the vendor indicated that the Verity K2 Enterprise search product is not vulnerable.
It was determined that some customers may incorrectly configure the system in a manner that permits cross-site scripting attacks.
In fact, Verity's own public web site was misconfigured as such. Because the product itself is shipped to be secure "out of the
box" and is apparently not vulnerable, we will be deleting this entry from our database shortly.]
A remote user can submit specially
crafted input containing HTML scripting code that will be displayed by the system, causing the code to execute. A remote user can
create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target
user's browser. The code will originate from the site running the Verity search software and will run in the security context of
that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated
with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as
the target user.
Some demonstration exploit search contents are provided:
"><script>alert(document.cookie)</script><
[Editor's
note: In the original report from SecurityBugware, which is credited to decka trash, the "Verity Information Server" was identified
as the vulnerable product. It appears that this report applied to Verity's Search97 product (Verity Information Server). The Search97
vulnerability was apparently previously reported in June 2002 and subsequently patched by the vendor. Even though it was patched,
many sites remain vulnerable.]
|
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the
Verity search software, access data recently submitted by the target user via web form to the site, or take actions on the site
acting as the target user.
|
Solution: No solution was available at the time of this entry.
[Editor's note: The product is apparently not vulnerable. This entry will be deleted from our database shortly. See the 'Description' section for more information.]
|
Vendor URL: www.verity.com/products/k2_enterprise/index.html (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 26 Mar 2003 10:59:03 -0500
Subject: Verity Information Server XSS
|
http://www.securitybugware.org/Other/6090.html
Security Bugware reported a cross-site scripting vulnerability in the Verity Information Server.
A demonstration exploit search string is provided:
"><script>alert(document.cookie)</script><
The report credits decka trash [decka_trash@yahoo.com] with reporting the flaw.
|
|
Go to the Top of This SecurityTracker Archive Page
|
