Sanctum AppScan Audit Edition May Not Detect Certain Javascript URLs
|
|
SecurityTracker Alert ID: 1007792
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 23 2003
|
Impact: Host/resource access via network
|
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 4.0 Audit Edition
|
Description: A vulnerability was reported in AppScan Audit Edition. A remote user can create HTML containing malicious links that will not be detected and tested by the application.
Packetstorm posted a report credited to Rafael San Miguel Carrasco indicating that there is a weakness in the AppScan "Explore stage"
when configured for "Automatic Scan". When HTML code uses a wrapper function within an "A HREF" tag to reference a URL, the application
will reportedly fail to detect and test the URL.
A demonstration exploit is provided:
<script>
function openBrWindow(theURL,winName,features)
{
window.open(theURL,winName,features); }
</script>
<a href="#" onClick="openWindow('bla.html','','');">
<img src="bla.jpg"></a>
The
vendor has reportedly been notified.
|
Impact: A remote user can create HTML with malicious links that will not be tested by AppScan.
|
Solution: No solution was available at the time of this entry. According to the report, the vendor provided the following workaround:
"We
are aware of this limitation and in case of extensive usage of Java Script we recommend the user to choose "Interactive" Scan Type
and explore the site manually. If you do so, just like a normal user will explore your site, AppScan will test the encapsulated
links."
|
Vendor URL: www.sanctuminc.com/solutions/appscanaud/index.html (Links to External Site)
|
Cause: State error
|
Underlying OS: Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
