portals-jetspeed-user mailing list archives

From David S Taylor <da...@bluesunrise.com>
Subject [CVE-2016-0712] Apache Jetspeed information disclosure vulnerability
Date Thu, 03 Mar 2016 21:16:41 GMT
CVE-2016-0712:  Reflected Cross Site Scripting in URI path

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Jetspeed 2.2.0 to 2.2.2
Jetspeed 2.3.0
The unsupported Jetspeed 2.1.x versions may also be affected

Description:
The URI path directory after /portal is vulnerable to reflected Cross Site Scripting. By visiting
the URL given in the example below, a JavaScript pop-up will appear when the mouse is moved over the
minimize/maximize buttons (may differ for different UI versions).
Note that this issue is only reproduced on the Firefox browser.

Mitigation:
2.2.0 - 2.3.0 users should upgrade to 2.3.1

Example:
Given this URL:
http://192.168.2.9:8080/jetspeed/portal/foo%22onmouseover%3d%22alert%281%29?URL=foo/bar

The HTML response contains the injected script:
<a href="http://192.168.2.4:8080/jetspeed/portal/_ns:YXRlbXBsYXRlLXRvcDJfX3BhZ2UtdGVtcGxhdGVfX2pzbWluLTJfX2pzbWluLTN8ZDA_/foo"onmouseover="alert(1)"
title="Minimize" class="action portlet-action" ><img src="/jetspeed/decorations/images/minimized.gif"
alt="Minimize" border="0"/></a>


Credit:
This issue was discovered by Andreas Lindh

References:
http://tomcat.apache.org/security.html


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
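
Added example (not part of the original advisory and not Jetspeed code): the Python sketch below takes the URL from the advisory, reflects the decoded path into an anchor tag the way the quoted response does, and uses an HTML parser to show that the unescaped form gains an onmouseover attribute while the attribute-escaped form does not. The BASE value, the function names and the simplified anchor (the _ns: token is omitted) are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# URL taken from the advisory's example.
ADVISORY_URL = ("http://192.168.2.9:8080/jetspeed/portal/"
                "foo%22onmouseover%3d%22alert%281%29?URL=foo/bar")
# Constructed base for the rendered link (assumption; _ns: token omitted).
BASE = "http://192.168.2.9:8080/jetspeed/portal/"
TAIL = '" title="Minimize" class="action portlet-action">'


def reflected_segment(url):
    """Decoded path part after /portal/, as the application would see it."""
    path = unquote(urlsplit(url).path)
    return path.split("/portal/", 1)[1]


def render_unsafe(segment):
    # Mirrors the quoted response: the path is concatenated into href as-is,
    # so a double quote in the path closes the attribute early.
    return '<a href="' + BASE + segment + TAIL


def render_escaped(segment):
    # Attribute-escape the reflected value: " becomes &quot; and stays in href.
    return '<a href="' + escape(BASE + segment, quote=True) + TAIL


class AnchorAttrs(HTMLParser):
    """Collects the attribute names of the last <a> start tag seen."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names = [name for name, _ in attrs]


def attribute_names(markup):
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names


if __name__ == "__main__":
    seg = reflected_segment(ADVISORY_URL)
    print("unsafe :", attribute_names(render_unsafe(seg)))
    print("escaped:", attribute_names(render_escaped(seg)))
```

The same parser check can be run against captured portal responses in a regression test after upgrading to 2.3.1 to confirm the path is no longer reflected unescaped.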