File: 2198.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (59 lines) | stat: -rw-r--r-- 1,731 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Rule:  

--
Sid:
2198

--
Summary:
This event is generated when an attempt is made to access cvslog.cgi on an internal web server. This may indicate an attempt to exploit a cross-site scripting vulnerability in Mozilla Bonsai 1.3.

--
Impact:
Arbitrary code execution, possible session hijack.

--
Detailed Information:
Mozilla Bonsai, a CVS query tool, contains an information disclosure vulnerability in cvslog.cgi. An attacker can discover the location of the Mozilla Bonsai application by sending a malformed request to the application, which produces an error. The error message shows the full path of the cvslog.cgi file, providing the attacker with information about the server directory structure.

--
Affected Systems:
Any system running Mozilla Bonsai 1.3.

--
Attack Scenarios:
An attacker sends an erroneous request to cvslog.cgi on the Bonsai server. The error message returns the full path of the script, allowing the attacker to discover more information about the server directory structure for possible use in later attacks.

--
Ease of Attack:
Simple. Proof of concept exists.

--
False Positives:
If a legitimate remote user accesses cvslog.cgi, this rule may generate an event.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to a newer build of Mozilla Bonsai 1.3.

If you are running Mozilla Bonsai on Debian 3.0, Debian has provided patches at http://security.debian.org/pool/updates/main/b/bonsai/.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
Sourcefire Technical Publications Team
Jennifer Harvey <jennifer.harvey@sourcefire.com>

-- 
Additional References:
Bugtraq
http://www.securityfocus.com/bid/5517


--