SAP Internet Graphics Server XSS and Heap Overflow

2007.07.10
Credit: Mark Litchfield
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2007-3613
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

======= Summary ======= Name: SAP Internet Graphics Server XSS and Heap Overflow Release Date: 5 July 2007 Reference: NGS00487 Discover: Mark Litchfield <mark (at) ngssoftware (dot) com [email concealed]> Vendor: SAP Vendor Reference: SECRES-288 Systems Affected: Risk: Medium Status: Fixed ======== TimeLine ======== Discovered: 4 January 2007 Released: 19 January 2007 Approved: 27 January 2007 Reported: 8 January 2007 Fixed: 18 January 2007 Published: =========== Description =========== The SAP IGS overflow had previously been reported. The fix went out on the 18th Jan. Despite being reported on the 8th Jan, NGS did not receive any credit. The advisory that was posted by the other security researcher can be found at - http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_B uffer_Overflow.pdf. See attached note The XSS issue however is still being treated by SAP as a vulnerability. ================= Technical Details ================= http://10.1.1.30:40180/ADM:GETLOGFILE?PARAMS=<script>alert("hello")</scr ipt> =============== Fix Information =============== Please ensure you have the latest version NGSSoftware Insight Security Research http://www.ngssoftware.com/ http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top