首页 -> 安全研究
安全研究
安全漏洞
iPlanet日志分析器日志文件HTML标记插入漏洞
发布日期:2003-03-04
更新日期:2003-03-11
受影响系统:
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP2描述:
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP12
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP11
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP11
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition (Windows) 4.1sp7
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition (Windows) 4.1sp6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition (Windows) 4.1sp5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition (Windows) 4.1sp4
iPlanet E-Commerce Solutions iPlanet Web Server 6.0
- Compaq Tru64 Unix 4.0D
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- RedHat Linux 6.2
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition (Windows) 4.1sp3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
BUGTRAQ ID: 7017
Sun iPlanet Web是一款Sun Microsystems公司开发的商业WEB服务器程序。
iPlanet当对请求进行日志记录时不充分过滤HTML代码,远程攻击者可以利用这个漏洞进行跨站脚本攻击,导致敏感信息泄露。
当客户端主机名为?<scrip>alert(?a?)</script>?,向iPlanet提交HTTP请求会导致把Javascript代码记录到日志中,当管理员查看日志时,可导致脚本代码在管理员日志解析器上执行,会使用户敏感信息泄露。
<*来源:Hugo Vázquez Caramés
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104680367329779&w=2
*>
建议:
厂商补丁:
iPlanet E-Commerce Solutions
----------------------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.iplanet.com/
浏览次数:3369
严重程度:0(网友投票)
绿盟科技给您安全的保障