Details of VAR-200606-0015

ID

VAR-200606-0015

CVE

CVE-2006-3101

TITLE

Cisco Secure ACS LoginProxy.CGI Cross-Site Scripting Vulnerability

Trust: 0.9

sources: BID: 18449 // CNNVD: CNNVD-200606-388

DESCRIPTION

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Cisco Secure ACS version 2.3 for UNIX; other versions may also be vulnerable. ---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. Input passed to specified parameters in LogonProxy.cgi is not properly sanitised before being returned to the user. SOLUTION: Apply patch. http://www.cisco.com/pcgi-bin/tablebuild.pl/cspatchunix-3des PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Liam Romanis and Fujitsu Services Limited. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060615-acs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-3101 // BID: 18449 // VULHUB: VHN-19209 // PACKETSTORM: 47482

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.3	Trust: 1.6
vendor:	cisco	model:	secure acs for unix	scope:	eq	version:	2.3	Trust: 0.3

sources: BID: 18449 // NVD: CVE-2006-3101 // CNNVD: CNNVD-200606-388

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2006-3101
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200606-388
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-19209
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-19209
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-19209 // NVD: CVE-2006-3101 // CNNVD: CNNVD-200606-388

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3101

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-388

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 47482 // CNNVD: CNNVD-200606-388

CONFIGURATIONS

sources: NVD: CVE-2006-3101

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-19209

EXTERNAL IDS

db:	BID	id:	18449	Trust: 2.0
db:	SECUNIA	id:	20699	Trust: 1.8
db:	OSVDB	id:	26531	Trust: 1.7
db:	NVD	id:	CVE-2006-3101	Trust: 1.7
db:	SREASON	id:	1116	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2384	Trust: 1.7
db:	SECTRACK	id:	1016317	Trust: 1.7
db:	CNNVD	id:	CNNVD-200606-388	Trust: 0.7
db:	BUGTRAQ	id:	20060617 RE: CISCO SECURE ACS CROSS SITE SCRIPTING VULNERABILITY.	Trust: 0.6
db:	BUGTRAQ	id:	20060615 CISCO SECURE ACS CROSS SITE SCRIPTING VULNERABILITY.	Trust: 0.6
db:	XF	id:	27166	Trust: 0.6
db:	CISCO	id:	20060615 CISCO SECURE ACS FOR UNIX CROSS SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	SEEBUG	id:	SSVID-81613	Trust: 0.1
db:	EXPLOIT-DB	id:	28030	Trust: 0.1
db:	VULHUB	id:	VHN-19209	Trust: 0.1
db:	PACKETSTORM	id:	47482	Trust: 0.1

sources: VULHUB: VHN-19209 // BID: 18449 // PACKETSTORM: 47482 // NVD: CVE-2006-3101 // CNNVD: CNNVD-200606-388

REFERENCES

url:	http://www.securityfocus.com/bid/18449	Trust: 1.7
url:	http://www.cisco.com/en/us/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html	Trust: 1.7
url:	http://www.osvdb.org/26531	Trust: 1.7
url:	http://securitytracker.com/id?1016317	Trust: 1.7
url:	http://secunia.com/advisories/20699	Trust: 1.7
url:	http://securityreason.com/securityalert/1116	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/437441/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/437480/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/2384	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27166	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/437480/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/437441/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2384	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/27166	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3
url:	/archive/1/437441	Trust: 0.3
url:	http://secunia.com/product/680/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/20699/	Trust: 0.1
url:	http://secunia.com/product/679/	Trust: 0.1
url:	http://www.cisco.com/warp/public/707/cisco-sr-20060615-acs.shtml	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/cspatchunix-3des	Trust: 0.1

sources: VULHUB: VHN-19209 // BID: 18449 // PACKETSTORM: 47482 // NVD: CVE-2006-3101 // CNNVD: CNNVD-200606-388

CREDITS

Thomas Liam Romanis liam.romanis@uk.fujitsu.com

Trust: 0.6

sources: CNNVD: CNNVD-200606-388

SOURCES

db:	VULHUB	id:	VHN-19209
db:	BID	id:	18449
db:	PACKETSTORM	id:	47482
db:	NVD	id:	CVE-2006-3101
db:	CNNVD	id:	CNNVD-200606-388

LAST UPDATE DATE

2023-12-18T12:40:06.545000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-19209	date:	2018-10-18T00:00:00
db:	BID	id:	18449	date:	2006-06-16T15:56:00
db:	NVD	id:	CVE-2006-3101	date:	2018-10-18T16:45:46.547
db:	CNNVD	id:	CNNVD-200606-388	date:	2006-08-17T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-19209	date:	2006-06-21T00:00:00
db:	BID	id:	18449	date:	2006-06-15T00:00:00
db:	PACKETSTORM	id:	47482	date:	2006-06-17T01:13:40
db:	NVD	id:	CVE-2006-3101	date:	2006-06-21T01:02:00
db:	CNNVD	id:	CNNVD-200606-388	date:	2006-06-20T00:00:00