Symantec Reporting Server Improper URL Handling Exposure

medium Nessus Plugin ID 38653

Synopsis

The login page in the remote web server contains a URL handling error.

Description

The remote host is running Symantec Reporting Server, a component of Symantec AntiVirus Corporate Edition, Symantec Client Security, and Symantec Endpoint Protection Manager that serves to create reports about the use of Symantec antivirus products in an enterprise environment.

The installed version of Reporting Server includes user-supplied input to the 'MSG' parameter of the 'Reporting/login/login.php' script on the login page. By tricking an authorized user into clicking on a specially crafted link, an attacker can cause an arbitrary message to be displayed, which in turn could facilitate phishing attacks against the affected site.

Solution

Upgrade as described in the vendor advisory.

See Also

http://www.nessus.org/u?ed674302

http://www.nessus.org/u?581d7937

Plugin Details

Severity: Medium

ID: 38653

File Name: symantec_reporting_server_url_handling.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 5/1/2009

Updated: 1/19/2021

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:reporting_server, cpe:/a:symantec:antivirus, cpe:/a:symantec:antivirus_central_quarantine_server, cpe:/a:symantec:client_security, cpe:/a:symantec:endpoint_protection

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 4/28/2009

Reference Information

CVE: CVE-2009-1432

BID: 34668

Secunia: 34935

IAVA: 2009-A-0037

CWE: 20