Aker Secure Mail Gateway Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Aker Secure Mail Gateway and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Apply the patch from below link, http://www.aker.com.br/produtos/aker-secure-mail-gateway

Insight

Input passed via the 'msg_id' GET parameter to webgui/cf/index.php is not properly sanitised before being returned to the user.

Affected

Aker Secure Mail Gateway version 2.5.2 and prior

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/125599
http://seclists.org/fulldisclosure/2014/Mar/51
http://secunia.com/advisories/57236
http://www.kb.cert.org/vuls/id/687278
http://www.osvdb.org/104095

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6037

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2/XWork Remote Command Execution Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Tomcat Login Constraints Security Bypass Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability

Take action and discover your vulnerabilities