Test ID: 1.3.6.1.4.1.25623.1.0.801976
Category: Web application abuses
Title: HP SiteScope Cross-Site Scripting and Session Fixation Vulnerabilities
Summary: HP SiteScope is prone to cross-site scripting and session fixation vulnerabilities.

Description:

Summary: HP SiteScope is prone to cross-site scripting and session fixation vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

Vulnerability Impact: Successful exploitation could allow execution of scripts or actions written by an attacker. In addition, an attacker may conduct session fixation attacks to hijack the target user's session.

Affected Software/OS: HP SiteScope version 9.x, 10.x, and 11.x

Solution: Apply the patch from the referenced link.

CVSS Score: 8.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:P/A:P

Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2011-2400
- BugTraq ID: 48913
- http://www.securityfocus.com/bid/48913
- HP Security Advisory: HPSBMU02692
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969
- HP Security Advisory: SSRT100581
- http://osvdb.org/74113
- http://securitytracker.com/id?1025856
- http://secunia.com/advisories/45440
- XForce ISS Database: sitescope-unspecified-xss(68867)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68867

Common Vulnerability Exposure (CVE) ID: CVE-2011-2401
- BugTraq ID: 48916
- http://www.securityfocus.com/bid/48916
- http://osvdb.org/74114
- XForce ISS Database: sitescope-sessions-session-hijacking(68868)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68868

Copyright: Copyright (C) 2011 Greenbone AG