Summary
This host is running Transform Foundation Server and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Apply the updates from the link below:
http://bot24.blogspot.in/2014/06/cve-2014-2577-xss-on-transform.html
Insight
Multiple flaws exist due to:
- Improper validation of input passed via the 'db' and 'referer' POST parameters to the /index.fsp/index.fsp script.
- Improper validation of input passed via the 'pn' GET parameter to the /index.fsp script.
- Improper validation of input passed via the URL before it is returned to users.
Affected
Transform Foundation Server versions 4.3.1 and 5.2
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie.
References
Severity
Classification
- CVE: CVE-2014-2577
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N