oss-sec mailing list archives
Re: CVE Request -- Multiple security issues in various versions of AWStats
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 07 Oct 2011 11:33:22 +0200
And one correction yet. Petr Lautrbach (Cc-ed) commented on Red Hat Bugzilla bug [1], that: <quote> > URL redirection abuse: >> http://site/awredir.pl?key=0f3830803a70cc1636af3548b66ed978&url=http://websecurity.com.ua
awredir.pl is url redirector so this is its main/only feature and it
is/can be secured by $KEYFORMD5. So I don't think this is flaw.
</quote>
Thus explicitly mentioning it here too, so this would not fall out
of the radar and just five CVE ids would be assigned.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
P.S.: Petr, if you have more comments on the rest of the issues,
feel free to do so in order to proper set of CVE ids would
be assigned to these. Thanks, Jan.
On 10/07/2011 10:17 AM, Jan Lieskovsky wrote:
Hello Josh, Steve, vendors, these doesn't look like CVE ids have been already assigned for: [1] https://bugzilla.redhat.com/show_bug.cgi?id=740926#c0 [2] http://secunia.com/advisories/46160/ [3] http://seclists.org/fulldisclosure/2011/Sep/234 [4] http://websecurity.com.ua/5380/ If I counted correctly, six CVE ids should be assigned for these (since different versions are listed as vulnerable): 1) XSS (WASC-08) (in versions <=1.1): http://site/awredir.pl?url=javascript:alert(document.cookie) 2) Redirector (URL Redirector Abuse in WASC 2.0) (WASC-38): http://site/awredir.pl?url=http://websecurity.com.ua 3) SQL Injection (WASC-19): (version 1.2) http://site/awredir.pl?url='%20and%20benchmark(10000,md5(now()))/* 4) XSS (WASC-08) (in version 1.2): http://site/awredir.pl?url=%3Cscript%3Ealert(document.cookie)%3C /script%3E http://site/awredir.pl?key=%3Cscript%3Ealert(document.cookie)%3C /script%3E 5) HTTP Response Splitting (WASC-25): http://site/awredir.pl?key=04ed5362e853c72ca275818a7c0c5857&; url=%0AHeader:1 6) CRLF Injection (Improper Input Handling in WASC 2.0) (WASC-20): http://site/awredir.pl?key=4b9faa91e2529400c4f3c70833b4e4a5&; url=%0AText Could you allocate CVE identifiers for these? (let me know if further description of each of the issues is necessary prior assignment). Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Petr Lautrbach (Oct 10)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 10)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)