Summary
This host is installed with IBM Sametime Classic Meeting Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow local attacker to gain access to the meeting password hash from the HTML source and allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade or apply patches as given in below link,
http://www-01.ibm.com/support/docview.wss?uid=swg21679454
Insight
Multiple flaws are due to,
- improper validation of user supplied input.
- presence of password hash in HTML source.
Affected
IBM Sametime Classic Meeting Server 8.x through 8.5.2.1
Detection
Send a crafted HTTP GET request and check whether it is able to read string or not.
References
Severity
Classification
-
CVE CVE-2014-4747, CVE-2014-4748 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Rave User Information Disclosure Vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS