SYMSA1233

SA62 : Director Cross Site Scripting vulnerability

Last Updated January 20, 2015
Initial Publication Date September 15, 2011
  • Status: Closed
  • Severity: Low
  • CVSS Base Score: CVSS v2: 3.3

An attacker can use the HTTP TRACE method to echo malicious script back to the client as part of a Cross Site Scripting (XSS) attack.  No authentication is required.

All versions of Director prior to 5.5.2.3 are vulnerable.

Patches

  • Director 5.5 - an interim fix is available in 5.5.2.3.
  • Director 5.4 and earlier - please upgrade to a later release.

No CVEs are associated with this vulnerability.

Director is vulnerable to reflected (non-persistent) cross site scripting attacks.  User provided data is not validated or sanitized prior to returning it in response to an HTTP TRACE method issued from the client.

The attacker cannot use this vulnerability to steal the administrator's cookies and impersonate the administrator on another machine. The attacker can use this vulnerability to execute malicious script on the client machine.

Customers can limit the impact of this vulnerability by managing Director only from dedicated machines that do not connect to any other internal or external websites.

OWASP information about XSS: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

2015-01-20 Marked as final
2011-09-15 Initial public release

SA62

Thanks for your feedback. Let us know if you have additional comments below. (requires login)