Summary
The host is installed with Ganglia Web and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site and launch other attacks.
Impact Level: Application
Solution
Upgrade to Ganglia Web version 3.5.11 or later.
For updates refer to http://ganglia.info/
Insight
Input passed via the 'host_regex' GET parameter to index.php (when 'c' is set to to '1') is not properly sanitised before being returned to the user.
Affected
Ganglia Web version 3.5.10 Other versions may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able read the cookie or not.
References
Severity
Classification
-
CVE CVE-2013-6395 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Allaire JRun directory browsing vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- aeNovo Database Content Disclosure Vulnerability