IMP Content-Type Header XSS

This script is Copyright (C) 2004-2011 George A. Theall


Synopsis :

The remote web server is hosting a PHP application that is affected by
a cross-site scripting vulnerability.

Description :

The remote server is running at least one instance of IMP whose
version number is between 2.0 and 3.2.3 inclusive. Such versions are
vulnerable to a cross-site scripting attack whereby an attacker may be
able to cause a victim to unknowingly run arbitrary JavaScript code
simply by reading a MIME message with a specially crafted Content-Type
header.

Note : Nessus has determined the vulnerability exists on the target
simply by looking at the version number of IMP installed there; it has
not attempted to actually exploit the vulnerability.

See also :

http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt

Solution :

Upgrade to IMP version 3.2.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 12263 (imp_content_type_xss.nasl)

Bugtraq ID: 10501

CVE ID: CVE-2004-0584