Sanctum AppScan Audit Edition May Not Detect Certain Javascript URLs
|
|
SecurityTracker Alert ID: 1007792 |
|
SecurityTracker URL: http://securitytracker.com/id/1007792
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 23 2003
|
Impact:
Host/resource access via network
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 4.0 Audit Edition
|
Description:
A vulnerability was reported in AppScan Audit Edition. A remote user can create HTML containing malicious links that will not be detected and tested by the application.
Packetstorm posted a report credited to Rafael San Miguel Carrasco indicating that there is a weakness in the AppScan "Explore stage" when configured for "Automatic Scan". When HTML code uses a wrapper function within an "A HREF" tag to reference a URL, the application will reportedly fail to detect and test the URL.
A demonstration exploit is provided:
<script>
function openBrWindow(theURL,winName,features)
{ window.open(theURL,winName,features); }
</script>
<a href="#" onClick="openWindow('bla.html','','');">
<img src="bla.jpg"></a>
The vendor has reportedly been notified.
|
Impact:
A remote user can create HTML with malicious links that will not be tested by AppScan.
|
Solution:
No solution was available at the time of this entry. According to the report, the vendor provided the following workaround:
"We are aware of this limitation and in case of extensive usage of Java Script we recommend the user to choose "Interactive" Scan Type and explore the site manually. If you do so, just like a normal user will explore your site, AppScan will test the encapsulated links."
|
Vendor URL: www.sanctuminc.com/solutions/appscanaud/index.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
