|
Gattaca Server 2003 Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA9242
|
|
|
Release Date:
|
2003-07-12
|
|
Popularity:
|
5,048 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Cross Site Scripting
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Gattaca Server 2003 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Multiple vulnerabilities have been reported in Gattaca Server 2003, which can be exploited to conduct Cross-Site Scripting attacks, access arbitrary files and cause a DoS (Denial of Service).
It is possible to view directory contect by sending a specially crafted HTTP request where an extra "/" character has been appended to the end of the HTTP request for a directory.
Example:
http://[victim]//
Supplying an overly long argument (1048 characters or more) to the "LLIST" command in the Gattaca console can be exploited to crash the server.
An input validation error in "view.tmpl" can be exploited to access arbitrary files on the system with the privileges of Gattaca via a classic directory traversal attack.
Example:
http://[victim]/view.tmpl?testfile=../../winnt/win.ini
An input validation error in "view2.tmpl" can be exploited to conduct Cross-Site Scripting attacks against visitors. This can be exploited to gain knowledge of sensitive information (e.g. cookie-based authentication information) associated with the site running Gattaca Server 2003, or inclusion of malicious content, which the user thinks is part of the real website.
However, successful exploitation requires that a user is tricked into visiting a malicious web site or clicking a malicious link.
Example:
http://[victim]/view2.tmpl?text=<script>alert(document.cookie)</script>
The vulnerabilities have been reported in version 1.0.8.1. However, prior versions may also be affected.
Solution:
The vendor will reportedly fix the vulnerabilities in the next release (except the Cross-Site Scripting issue, which the vendor doesn't regard as a vulnerability):
www.gattaca-server.com
Filter malicious requests in a HTTP proxy or firewall with URL filtering capabilities and grant only trusted users access to the Gattaca console.
Provided and/or discovered by:
Gregory Le Bras
Original Advisory:
http://www.security-corporation.com/advisories-019.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
2nd Dec, 2008
|
New advisories:
|
14 |
|
New vulnerabilities:
|
21 |
|
Updated advisories:
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
