Digital Arts i-FILTER Multiple Input Validation Security Vulnerabilities
BID:106917
Info
Digital Arts i-FILTER Multiple Input Validation Security Vulnerabilities
| Bugtraq ID: | 106917 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-16180 CVE-2018-16181 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2018 12:00AM |
| Updated: | Dec 07 2018 12:00AM |
| Credit: | Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. |
| Vulnerable: |
Digital Arts Inc i-filter APT Protection 0 Digital Arts Inc i-filter 9.50R05 Digital Arts Inc i-filter 10.20 |
| Not Vulnerable: |
Digital Arts Inc i-filter 9.50R06 Digital Arts Inc i-filter 10.20R01 |
Discussion
Digital Arts i-FILTER Multiple Input Validation Security Vulnerabilities
Digital Arts i-FILTER is prone to following input-validation vulnerabilities.:
1. An unspecified cross-site scripting vulnerability
2. An unspecified HTTP header-injection vulnerability
An attacker may leverage these issues to insert a crafted HTTP header into an HTTP response that could cause web server cache poisoning or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site . This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products and version are vulnerable:
i-FILTER 9.50R05 and prior
i-FILTER 10.20 and prior
i-filter APT Protection
Digital Arts i-FILTER is prone to following input-validation vulnerabilities.:
1. An unspecified cross-site scripting vulnerability
2. An unspecified HTTP header-injection vulnerability
An attacker may leverage these issues to insert a crafted HTTP header into an HTTP response that could cause web server cache poisoning or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site . This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products and version are vulnerable:
i-FILTER 9.50R05 and prior
i-FILTER 10.20 and prior
i-filter APT Protection
Solution / Fix
Digital Arts i-FILTER Multiple Input Validation Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Digital Arts i-FILTER Multiple Input Validation Security Vulnerabilities
References:
References:
- Digital Arts Homepage (Digital Arts)
- i-FILTER Productpage (Digital Arts)
- Multiple vulnerabilities in i-FILTER ()