SA94 : Malware Analysis Appliance Cross-site Scripting and Information Disclosure Vulnerabilities

SA94 : Malware Analysis Appliance Cross-site Scripting and Information Disclosure Vulnerabilities

SYMSA1320 July 1st, 2015 https://www.symantec.com/docs/SYMSA1320
Support / SA94 : Malware Analysis Appliance Cross-site Scripting and Information Disclosure Vulnerabilities
Was this article helpful?

Thank you for your feedback!

Provide feedback on this article

Thank you for your feedback!
Print Article
Related Products
Subscribe to this Article
Manage your Subscriptions
Search Again
Security Advisory ID SYMSA1320

Initial Publication Date:
Advisory Status:
Advisory Severity:
CVSS Base Score: Legacy ID

16 Apr 2015
Closed
Medium
CVSS v2: 5.8
SA94

Summary

The Malware Analysis Appliance (MAA) is vulnerable to cross-site scripting (XSS) and information disclosure vulnerabilities in search.php.  An attacker can use these vulnerabilities to attack the client machine (via XSS), and to obtain MAA user names, sample names, and user generated data about the samples.

Affected Products

Malware Analysis Appliance (MAA)
CVE Affected Version(s) Remediation
All CVEs 4.2 Upgrade to 4.2.4.
4.1 Upgrade to later version with fixes.

 

Malware Analyzer G2 (MAG2)
CVE Affected Version(s) Remediation
All CVEs 3.5 and prior Upgrade to later version of MAA with fixes.

Issues

CVE-2015-0937
Severity / CVSSv2 Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
References SecurityFocus: BID 74060 / NVD: CVE-2015-0937
Impact Cross-site scripting (XSS)
Description Cross-site scripting vulnerabilities are present in search.php and other URLs.  An attacker can use cross-site scripting to execute arbitrary javascript on the client machine as the user.  The javascript could be used to send commands to MAA, or to install malware or keystroke loggers on the client machine.

 

CVE-2015-0938
Severity / CVSSv2 Medium / 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
References SecurityFocus: BID 74060 / NVD: CVE-2015-0938
Impact Information disclosure
Description Information can be obtained by a non-authenticated user using search.php.  An attacker could obtain the names of MAA users that have uploaded samples, the sample file names of any files that have been submitted to MAA, and user generated data about the samples that have been uploaded.  An attacker cannot modify information or obtain full administrative access.

Acknowledgements

Thank you to the CERT Coordination Center for coordinating the vulnerability report and the subsequent release of a fix.

References

VU#274244 - https://www.kb.cert.org/vuls/id/274244

Revisions

2015-07-01 A fix will not be provided in 4.1; marked as final.
2015-04-16 Initial public release

Legacy ID

SA94

Terms of use for this information are found in Legal Notices.

Translated Content

This is machine translated content

Didn't find the article you were looking for? Try these resources.

Supported Products A-Z

Get support for your product, with downloads, knowledge base articles, documentation, and more.

Education Services

Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

Submit a Threat

Submit a suspected infected file to Symantec.

Submit a False Positive

Report a suspected erroneous detection (false positive).

Need Help with Endpoint Protection?

Set default language

Do you wish to save this as your future site?