Ganglia Web 'host_regex' Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is installed with Ganglia Web and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site and launch other attacks. Impact Level: Application

Solution

Upgrade to Ganglia Web version 3.5.11 or later. For updates refer to http://ganglia.info/

Insight

Input passed via the 'host_regex' GET parameter to index.php (when 'c' is set to to '1') is not properly sanitised before being returned to the user.

Affected

Ganglia Web version 3.5.10 Other versions may also be affected.

Detection

Send a crafted data via HTTP GET request and check whether it is able read the cookie or not.

References

http://osvdb.org/100380
http://seclists.org/oss-sec/2013/q4/346
http://secunia.com/advisories/55854
http://www.rusty-ice.de/advisory/advisory_2013002.txt
http://xforce.iss.net/xforce/xfdb/89272

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6395

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities