|
Gattaca Server 2003 Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA9242
|
|
|
Release Date:
|
2003-07-12
|
|
Popularity:
|
5,650 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Cross Site Scripting
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Gattaca Server 2003 1.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Multiple vulnerabilities have been reported in Gattaca Server 2003, which can be exploited to conduct Cross-Site Scripting attacks, access arbitrary files and cause a DoS (Denial of Service).
It is possible to view directory contect by sending a specially crafted HTTP request where an extra "/" character has been appended to the end of the HTTP request for a directory.
Example:
http://[victim]//
Supplying an overly long argument (1048 characters or more) to the "LLIST" command in the Gattaca console can be exploited to crash the server.
An input validation error in "view.tmpl" can be exploited to access arbitrary files on the system with the privileges of Gattaca via a classic directory traversal attack.
Example:
http://[victim]/view.tmpl?testfile=../../winnt/win.ini
An input validation error in "view2.tmpl" can be exploited to conduct Cross-Site Scripting attacks against visitors. This can be exploited to gain knowledge of sensitive information (e.g. cookie-based authentication information) associated with the site running Gattaca Server 2003, or inclusion of malicious content, which the user thinks is part of the real website.
However, successful exploitation requires that a user is tricked into visiting a malicious web site or clicking a malicious link.
Example:
http://[victim]/view2.tmpl?text=<script>alert(document.cookie)</script>
The vulnerabilities have been reported in version 1.0.8.1. However, prior versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
