Summary
The host is running Caucho Resin and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to the latest version of Caucho Technology Resin Professional 4.0.7:
http://www.caucho.com/download
Insight
The flaw is caused by improper validation of user-supplied input via the 'digest_username' and 'digest_realm' parameters in resin-admin/digest.php that allows the attackers to insert arbitrary HTML and script code.
Affected
Caucho Technology Resin Professional 3.1.5, 3.1.10 and 4.0.6.
References
Severity
Classification
-
CVE CVE-2010-2032 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities