BugTraq
[CVE-2012-1621] Apache OFBiz information disclosure vulnerability Apr 15 2012 01:33PM
Jacopo Cappellato (jacopoc apache org)
CVE-2012-1621: Apache OFBiz information disclosure vulnerability

Severity: Important

Vendor:
The Apache Software Foundation - Apache OFBiz

======Versions Affected======

Apache OFBiz 10.04 (also known as 10.04.01)

======Description======

Multiple XSS:

XSS 1:
Error messages containing user input that were returned via Ajax requests
were not being escaped.

XSS 2:
Parameter arrays (converted to Lists by OFBiz) were not being
auto-encoded in FreeMarker templates. An attacker could send multiple
parameters sharing the same name where only a single value was
expected; because the value was then a List instead of a String,
rendering the parameter in FreeMarker via ${parameter} bypassed
OFBiz's automatic HTML encoding.

XSS 3:
Requests that used the cms event were susceptible to XSS attacks via
the contentId and mapKey parameters: if the requested content was
missing, an unencoded error message containing the supplied values
was streamed to the browser.
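The following Python script is an added illustration of the two encoding failures described under XSS 2 and XSS 3; it is not OFBiz or FreeMarker code and every function name in it is hypothetical. It assumes, as the advisory states, that a parameter sent once arrives as a String while a parameter sent several times arrives as a List, and that the auto-encoder only recognised Strings. The payload and query strings are constructed test inputs.

```python
"""Simulation of the parameter-array escaping bypass (XSS 2) and the
unencoded 'content not found' message (XSS 3) from CVE-2012-1621.
Added illustrative code, not OFBiz or FreeMarker source."""
import html
from urllib.parse import parse_qs


def parse_parameters(query_string):
    """Assumption: a single occurrence of a parameter is collapsed to a str,
    repeated occurrences are kept as a list (the advisory's 'parameter
    arrays converted to Lists')."""
    raw = parse_qs(query_string, keep_blank_values=True)
    return {name: (values[0] if len(values) == 1 else values)
            for name, values in raw.items()}


def render_vulnerable(value):
    """Pre-fix behaviour as the advisory describes it: only String values
    are HTML-encoded, so a List reaches the page without encoding."""
    if isinstance(value, str):
        return html.escape(value, quote=True)
    # Simulated fall-through: list items are concatenated as-is.
    return ", ".join(str(item) for item in value)


def render_fixed(value):
    """Hardened renderer: encode every scalar, including each List element."""
    if isinstance(value, (list, tuple)):
        return ", ".join(html.escape(str(item), quote=True) for item in value)
    return html.escape(str(value), quote=True)


def missing_content_message(content_id, map_key, encode=True):
    """XSS 3 pattern: a 'content not found' message echoes contentId and
    mapKey. encode=False mirrors the unencoded message the advisory
    describes; encode=True is the corrected form."""
    if encode:
        content_id = html.escape(content_id, quote=True)
        map_key = html.escape(map_key, quote=True)
    return f"<p>Content not found: contentId={content_id}, mapKey={map_key}</p>"


def has_active_markup(rendered):
    """True when unencoded tag delimiters survive into the output."""
    return "<" in rendered or ">" in rendered


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed test input
    single = parse_parameters("productId=" + payload)
    repeated = parse_parameters("productId=WG-1111&productId=" + payload)
    print("single, vulnerable  :", render_vulnerable(single["productId"]))
    print("repeated, vulnerable:", render_vulnerable(repeated["productId"]))
    print("repeated, fixed     :", render_fixed(repeated["productId"]))
    print("cms error, unencoded:", missing_content_message(payload, "k", encode=False))
    print("cms error, encoded  :", missing_content_message(payload, "k"))
```

Run it as a script: the single-valued parameter is encoded by both renderers, the repeated parameter passes through the vulnerable renderer with its tags intact and is neutralised by the fixed one, and the cms-style message shows the same contrast for contentId.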

XSS 4:
Requests that used the experimental Webslinger component were susceptible to XSS attacks

======Mitigation======

10.04 users should upgrade to 10.04.02

======Credit======

These issues were discovered by Matias Madou (mmadou (at) hp (dot) com) of Fortify/HP Security Research Group

Copyright 2010, SecurityFocus