Summary
The host is running Tembria Server Monitor and is prone to cross-site scripting and information disclosure vulnerabilities.
Impact
Successful exploitation will allow an attacker to gain sensitive information about the user, session, and application. Using XSS, an attacker could insert malicious code into a web page and entice users to execute it.
Impact Level: Application
Solution
Upgrade to Tembria Server Monitor version 6.0.5 Build 2252 or later. For updates, refer to http://www.tembria.com/download
Insight
Multiple flaws are due to:
- An error in the Web application management interface, which allows for execution of Cross-site Scripting (XSS) attacks.
- An error in Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application.
Affected
Tembria Server Monitor Version 6.0.4 Build 2229 and prior.
Classification
CVE: CVE-2011-3684, CVE-2011-3685
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N