Summary
The host is running Caucho Resin and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to the latest version of Caucho Technology Resin Professional 4.0.7:
http://www.caucho.com/download
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'digest_username' and 'digest_realm' parameters in resin-admin/digest.php, which allows attackers to insert arbitrary HTML and script code.
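For triage on a host that has not yet been upgraded, the following added example (not part of the original advisory or of Resin) scans web access logs for requests to resin-admin/digest.php whose 'digest_username' or 'digest_realm' values decode to HTML metacharacters. It assumes combined-format access logs and parameters sent in the query string; the log lines, addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameters named in the advisory.
TARGET_SCRIPT = "resin-admin/digest.php"
WATCHED_PARAMS = ("digest_username", "digest_realm")
# Characters that can break out of HTML text or attribute context.
# A bare apostrophe can also occur in legitimate names, so review hits.
MARKUP_CHARS = re.compile(r"[<>\"']")
# Client address and request target of a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2010:10:01:22 +0000] "GET /resin-admin/digest.php?digest_username=admin&digest_realm=resin HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/May/2010:10:03:05 +0000] "GET /resin-admin/digest.php?digest_username=admin&digest_realm=%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [12/May/2010:10:03:09 +0000] "GET /index.php?q=%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 210',
    '203.0.113.5 - - [12/May/2010:10:07:41 +0000] "GET /resin-admin/digest.php?digest_username=a%22b&digest_realm=resin HTTP/1.1" 200 530',
]

def suspicious_requests(lines):
    """Return (client, parameter, decoded value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue  # only the script named in the advisory
        # parse_qs percent-decodes values once, so encoded markup is caught.
        query = parse_qs(url.query, keep_blank_values=True)
        for param in WATCHED_PARAMS:
            for value in query.get(param, []):
                if MARKUP_CHARS.search(value):
                    hits.append((client, param, value))
    return hits

if __name__ == "__main__":
    for client, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in {param}: {value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check covers query-string requests only.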
Affected
Caucho Technology Resin Professional 3.1.5, 3.1.10 and 4.0.6.
References
Severity
Classification
- CVE: CVE-2010-2032
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N