SSL-Explorer Multiple Input Validation Vulnerabilities
CLASS: Input Validation Error
CVE: CVE-2007-2907
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 12:00AM
CREDIT: The vendor reported these issues.
VULNERABLE:
3sp SSL-Explorer 0.1.16
NOT VULNERABLE:
3sp SSL-Explorer 0.2.15
3sp SSL-Explorer 0.2.14
Go to the original page on Security Focus
Discussion
SSL-Explorer is prone to multiple input-validation vulnerabilities. The application is prone to HTML-injection, cross-site scripting, and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.
Exploit
Attackers can use a browser to exploit these issues.
Solution
The vendor released an update to address these issues. Please see the references for more information.
References
- SSL-Explorer 0.2.13 released (3sp)
- Vendor Homepage (3sp)