Project Woodstock 404 Error Page UTF-7 Encoded XSS

Severity: medium | Nessus Plugin ID 38733

Synopsis

The remote web server is running a web application that is affected by a cross-site scripting vulnerability.

Description

The remote web server contains a web application built using Woodstock components, which are user interface components for the web based on JavaServer Faces and AJAX. Woodstock is part of Sun GlassFish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat, and WebLogic.

The version of Woodstock in use fails to properly sanitize user-supplied URI data when generating its 404 error page. By sending UTF-7 encoded URIs to the affected application, an attacker could launch cross-site scripting attacks.

Note that this attack only works if the victim's browser is configured to auto-detect encoding and recognizes UTF-7; an error page that declares its character set explicitly removes that guesswork.

Solution

Download the latest Woodstock sources from CVS.

See Also

http://web.archive.org/web/20100323035516/http://dsecrg.com:80/pages/vul/show.php?id=138

https://www.securityfocus.com/archive/1/503239/30/0/threaded

https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041

Plugin Details

Severity: Medium

ID: 38733

File Name: woodstock_404_utf7_xss.nasl

Version: 1.21

Type: remote

Published: 5/11/2009

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2009-1554

BID: 34829, 34914

CWE: 79

Secunia: 35006