Summary
The host is running Tembria Server Monitor and is prone to cross-site scripting and information disclosure vulnerabilities.
Impact
Successful exploitation will allow an attacker to gain sensitive information about the user, session, and application. Using XSS, an attacker could insert malicious code into a web page and entice users to execute it.
Impact Level: Application
Solution
Upgrade to Tembria Server Monitor version 6.0.5 Build 2252 or later. For updates, refer to http://www.tembria.com/download
Insight
Multiple flaws are due to:
- An error in the Web application management interface, which allows for execution of Cross-site Scripting (XSS) attacks.
- An error in the Tembria Server Monitor application that allows an attacker to easily decrypt usernames and passwords used to authenticate to the application.
Affected
Tembria Server Monitor Version 6.0.4 Build 2229 and prior.
References
Severity
Classification
- CVE: CVE-2011-3684, CVE-2011-3685
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N