FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jose Antonio Coret reports that GForge contains multiple Cross Site
Scripting vulnerabilities and an e-mail flood vulnerability :

The login form is also vulnerable to XSS (Cross Site Scripting)
attacks. This may be used to launch phishing attacks by sending HTML
e-mails (i.e.: saying that you need to upgrade to the latest GForge
version due to a security problem) and putting in the e-mail an HTML
link that points to a specially crafted URL that inserts an HTML form
in the GForge login page. When the user presses the login button,
he/she sends the credentials to the attacker's website.

The 'forgot your password?' feature allows a remote user to load a
certain URL to cause the service to send a validation e-mail to the
specified user's e-mail address. There is no limit to the number of
messages sent over a period of time, so a remote user can flood the
target user's secondary e-mail address. E-Mail Flood, E-Mail bomber.

See also :

http://marc.info/?l=bugtraq&m=112259845904350
http://www.nessus.org/u?989c3706

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56498

Bugtraq ID: 14405

CVE ID: CVE-2005-2430, CVE-2005-2431
