|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
|
| |
Vulnerable Systems:
* MyFaces Tomahawk version 1.1.5
Immune Systems:
* MyFaces Tomahawk version 1.1.6
The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted.
Analysis:
Successful exploitation of this vulnerability allows an attacker to conduct an XSS attack on a user. This could allow an attacker to steal cookies, inject content into pages, or submit requests using the user's credentials.
To exploit this vulnerability, an attacker must use social engineering techniques to persuade the user to click a link to a Web application that uses MyFaces Tomahawk. In the following example, the [javascript] portion of the request would be present unfiltered in the returned content.
http://www.vulnerable.tld/some_app.jsf?autoscroll=[javascript]
Vendore response:
The Apache Software Foundation MyFaces team has addressed this vulnerability by releasing version 1.1.6 of MyFaces Tomahawk. More information can be found at the following URL: http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
CVE Information:
CVE-2007-3101
Disclosure Timeline:
06/05/2007 - Initial vendor notification
06/05/2007 - Initial vendor response
06/14/2007 - Coordinated public disclosure
|
|
|
|
|
