Project Woodstock 404 Error Page UTF-7 Encoded XSS

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is running a web application that is affected by
a cross-site scripting vulnerability.

Description :

The remote web server contains a web application built using Woodstock
components, which are user interface components for the web, based on
Java Server Faces and AJAX. Woodstock is part of Sun Glassfish
Enterprise Server and can also be used with other Java web containers,
such as JBoss, Tomcat, and WebLogic.

The version of Woodstock in use fails to properly sanitize user-supplied
URI data when generating its 404 error page. By sending UTF-7 encoded
URIs to the affected application, an attacker could launch cross-site
scripting attacks.

Note that this attack only works if the victim configures their
browser to auto-detect encoding, and the browser recognizes UTF-7.
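As an added example (not Tenable's plugin code and not Woodstock's own source): a Python sketch of the defender's side of this issue, with an access-log check that flags request paths whose markup characters only appear after UTF-7 decoding, and a hardened 404 renderer that escapes the reflected path and declares the charset explicitly so the browser never has to auto-detect it. The log lines and the 404 handler are constructed assumptions, not taken from the advisory.

```python
import html
import re
from urllib.parse import unquote
# UTF-7 shift sequence: '+' followed by modified-base64 characters and an optional '-'.
UTF7_SHIFT_RE = re.compile(r"\+[A-Za-z0-9+/]+-?")
MARKUP_CHARS = re.compile(r"[<>'\"]")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')  # combined-style access log

def _decode_shift(m):
    """Decode one shift sequence; leave it untouched if it is not well-formed UTF-7."""
    try:
        return m.group(0).encode("ascii").decode("utf-7")
    except UnicodeDecodeError:
        return m.group(0)

def utf7_view(uri):
    """The request path as a browser that auto-detected UTF-7 would read it once the
    server has percent-decoded it and echoed it into the 404 page."""
    return UTF7_SHIFT_RE.sub(_decode_shift, unquote(uri))

def is_utf7_markup_smuggling(uri):
    """True when markup characters appear only after UTF-7 decoding."""
    raw = unquote(uri)
    decoded = utf7_view(uri)
    return decoded != raw and MARKUP_CHARS.search(decoded) is not None

def flag_log_lines(lines):
    """Return the request paths in access-log lines that carry UTF-7-smuggled markup."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_utf7_markup_smuggling(m.group(1)):
            flagged.append(m.group(1))
    return flagged

def render_404(request_path):
    """Hardened 404 page (hypothetical handler, not Woodstock's): the reflected path
    is HTML-escaped and the charset is pinned, so the browser never guesses the encoding."""
    headers = {"Content-Type": "text/html; charset=UTF-8"}
    body = ('<!DOCTYPE html><html><head><meta charset="UTF-8"><title>404</title></head>'
            f"<body><p>Not found: {html.escape(request_path, quote=True)}</p></body></html>")
    return headers, body

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [05/May/2009:10:00:01 +0000] "GET /app/missing.jsf HTTP/1.1" 404 512',
    '10.0.0.5 - - [05/May/2009:10:00:02 +0000] "GET /app/c++/index.jsf HTTP/1.1" 404 512',
    '10.0.0.9 - - [05/May/2009:10:00:03 +0000] "GET /app/x+ADw-b+AD4-y.jsf HTTP/1.1" 404 512',
]
```

The second sample line shows why the check decodes each shift sequence separately: a literal `++` in a path is not well-formed UTF-7 and is left alone rather than producing a false positive.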

See also :

http://dsecrg.com/pages/vul/show.php?id=138
http://www.securityfocus.com/archive/1/503239/30/0/threaded
https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041

Solution :

Download the latest Woodstock sources from CVS.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 38733

Bugtraq ID: 34829, 34914

CVE ID: CVE-2009-1554