Test ID: 1.3.6.1.4.1.25623.1.0.801337
Category: Web application abuses
Title: Serendipity 'Xinha WYSIWYG' Editor Security Bypass Vulnerability
Summary: Serendipity is prone to a security bypass vulnerability.
Description:
Summary:
Serendipity is prone to a security bypass vulnerability.

Vulnerability Insight:
The flaw is due to an input validation error in the 'Xinha WYSIWYG' editor, with
the dynamic configuration feature enabled, when processing the following:

- crafted 'backend_config_secret_key_location' and 'backend_config_hash'
parameters, which are used in a SHA1 hash of a shared secret that can be
known or externally influenced and which are not properly handled by the
'Deprecated config passing' feature.

- crafted 'backend_data' and 'backend_data[key_location]' variables, which
are not properly handled by the 'xinha_read_passed_data()' function.

Vulnerability Impact:
Successful exploitation will allow an attacker to bypass intended access
restrictions and modify the configuration of arbitrary plugins.

Affected Software/OS:
Serendipity version 1.5.2 and prior, on all platforms.

Solution:
Upgrade to Serendipity version 1.5.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1916
BugTraq ID: 40033
http://www.securityfocus.com/bid/40033
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html
http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html
http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html
http://secunia.com/advisories/39782
http://secunia.com/advisories/40124
http://www.vupen.com/english/advisories/2010/1401
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.