Summary
This host is installed with OpenMRS and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://openmrs.org
Insight
Multiple flaws are due to:
- The /coreapps/mergeVisits.page script does not validate input to the 'returnUrl' parameter before returning it to users.
- The HTTP requests to /admin/users/user.form do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions.
- The /registrationapp/registerPatient.page script does not validate input to the 'givenName', 'familyName', 'address1', and 'address2' POST parameters before returning it to users.
- The /allergyui/allergy.page script does not validate input to the 'comment' POST parameter before returning it to users.
- The /htmlformentryui/htmlform/enterHtmlForm/submit.action script does not validate input to the 'w10' POST parameter before returning it to users.
- The login.htm script does not validate input to the HTTP referer header before returning it to users.
- The /htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page script does not validate input to the 'returnUrl' parameter before returning it to users.
- The /htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page script does not validate input to the 'visitId' parameter before returning it to users.
- A lack of access restrictions for the /admin page.
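The 'returnUrl' items above come down to a request value being echoed into the page without validation or output encoding. The following is an added example, not OpenMRS code and not part of the original advisory, showing one way to constrain such a parameter to a site-relative path and encode it before it is written into HTML; the class name, the fallback path and the sample inputs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReturnUrlGuard {
    // Hypothetical fallback target; not taken from OpenMRS.
    static final String DEFAULT_TARGET = "/index.htm";

    /** Accept only a site-relative path; anything else falls back to the default. */
    static String safeReturnUrl(String raw) {
        if (raw == null || !raw.startsWith("/") || raw.startsWith("//") || raw.contains("\\")) {
            return DEFAULT_TARGET; // absolute, scheme-relative or backslash-based targets
        }
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c < 0x20 || c == 0x7f) return DEFAULT_TARGET; // control characters
        }
        try {
            URI u = new URI(raw); // rejects characters illegal in a URI, e.g. quotes and angle brackets
            if (u.isAbsolute() || u.getRawAuthority() != null) return DEFAULT_TARGET;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        return raw;
    }

    /** Encode a value for an HTML text node or a quoted attribute. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values for the returnUrl parameter.
        String[] samples = { "/patient.page?id=7&tab=2", "//other.example/x",
                             "https://other.example/", "/x\"><b>" };
        for (String s : samples) {
            System.out.println("<a href=\"" + escapeHtml(safeReturnUrl(s)) + "\">Back</a>");
        }
    }
}
```

Validation and encoding are applied together here: the allow-list limits where the link can point, and the encoding step keeps the accepted value from breaking out of the attribute it is written into.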
Affected
OpenMRS version 2.1 Standalone Edition
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie.
Classification
CVE: CVE-2014-8071, CVE-2014-8072, CVE-2014-8073
Severity
CVSS Base Score: 6.8
CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P