Credit:
The information has been provided by Corsaire Security.
Vulnerable Systems:
* VMware ESX version 2.5.2 patch 1 and prior
* VMware ESX version 2.1.2 patch 5 and prior
* VMware ESX version 2.0.1 patch 5 and prior
Immune Systems:
* VMware ESX 2.5.2 upgrade patch 2
* VMware ESX 2.1.2 upgrade patch 6
* VMware ESX 2.0.1 upgrade patch 6
The VMware ESX Server product provides a web application for managing the system. One of the functions of this application is to allow administrative users to view log files, such as syslog, through a browser. No encoding of syslog data is performed to ensure that HTML meta-characters are not interpreted by the browser. This allows an attacker to inject HTML content, including JavaScript, into the syslog file, where it is rendered or executed when the file is viewed through the Management Interface. Since the raw syslog data is displayed between <div> tags, it is necessary to close the tag for a clean injection. Two injection methods were identified:
1. An attacker could simply attempt to log in to the Management Interface with a username that contains the injection script, such as:
</div><script>alert('XSS')</script>
2. An attacker could attempt to log in to the ftp server with a username containing a similar injection string.
It should be noted that the ftp server is not enabled by default; the Management Interface, however, is.
This flaw could be used to conduct any number of Cross Site Scripting attacks, such as Session Hijacking, Cross Site Request Forgery or apparent falsification of the syslog data.
The risk of this vulnerability is increased due to the fact that only administrative users have permission to view the syslog files through the Management Interface. Should a Session Hijacking attack be successful, it would therefore likely yield administrative access.
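The root cause described above is output encoding, not input: any text that reaches the log (a username from a failed login, for instance) must be HTML-escaped before the viewer places it in the page. The following is an added example, not code from VMware or Corsaire, that shows a minimal log viewer in its flawed form beside its hardened form and a simple check a defender can run over syslog to spot entries carrying markup. The sample syslog lines, the host name and the process names are constructed for the example; the injection string is the one quoted in the advisory.

```python
import html
import re

# Constructed sample syslog lines (not taken from the advisory). Lines 2 and 3
# carry the advisory's injection string in the username field of a failed
# Management Interface login and a failed ftp login respectively.
SAMPLE_SYSLOG = [
    "Nov 11 10:00:01 esxhost sshd[1234]: Accepted password for admin from 10.0.0.5",
    "Nov 11 10:00:07 esxhost httpd[2201]: login failed for user </div><script>alert('XSS')</script>",
    "Nov 11 10:00:09 esxhost vsftpd[2250]: FAIL LOGIN: Client 10.0.0.9, user </div><script>alert('XSS')</script>",
]


def render_log_unsafe(lines):
    """Mirrors the flaw in the advisory: raw log text is dropped between <div>
    tags with no encoding, so a </div> inside the data closes the container and
    everything after it is parsed by the browser as markup."""
    return "".join(f"<div>{line}</div>\n" for line in lines)


def render_log_safe(lines):
    """Hardened form: HTML-encode every log line before it reaches the page.
    html.escape converts <, >, & and quotes to entities, so the browser shows
    the text literally instead of interpreting it."""
    return "".join(f"<div>{html.escape(line, quote=True)}</div>\n" for line in lines)


# Detection: log entries whose free-text fields contain tag-like sequences,
# a javascript: URL or an inline event handler. Legitimate usernames never
# need any of these, so a hit is worth an analyst's attention.
_MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|javascript:|on\w+\s*=", re.IGNORECASE)


def find_markup_in_log(lines):
    """Return (line_number, line) pairs for entries that look like attempts to
    inject markup into a log viewer."""
    return [(n, line) for n, line in enumerate(lines, 1) if _MARKUP.search(line)]


def contains_live_tag(rendered_html, tag="script"):
    """True if the rendered page still holds an unescaped <tag ...> element."""
    return re.search(rf"<{tag}\b", rendered_html, re.IGNORECASE) is not None


if __name__ == "__main__":
    unsafe = render_log_unsafe(SAMPLE_SYSLOG)
    safe = render_log_safe(SAMPLE_SYSLOG)
    print("unsafe viewer emits a live <script>:", contains_live_tag(unsafe))
    print("safe viewer emits a live <script>:", contains_live_tag(safe))
    for n, line in find_markup_in_log(SAMPLE_SYSLOG):
        print(f"suspicious syslog entry {n}: {line}")
```

The escaping belongs at the point of output, in the viewer, because the log must keep the exact bytes it received for forensic value; rewriting log data on the way in would destroy evidence of the attempt. The detection regex is deliberately broad: it will flag any tag-like text in a log, which is the right bias for a file that should contain none.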
CVE Information:
CVE-2005-3619
Disclosure Timeline:
Discovered: 11.11.05 (Stephen de Vries)
Vendor notified via client: 15.11.05
Vendor notified directly: 19.05.06
Document released: 01.06.06