iPlanet Web Server Search Module Cross-Site Scripting Vulnerability

Bugtraq ID:	21977
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 09 2007 12:00AM
Updated:	Jan 10 2007 08:50PM
Credit:	Khalsa is credited with the discovery of this vulnerability.
Vulnerable:	iPlanet Web Server 4.1 SP9 iPlanet Web Server 4.1 SP8 iPlanet Web Server 4.1 SP7 iPlanet Web Server 4.1 SP6 iPlanet Web Server 4.1 SP5 iPlanet Web Server 4.1 SP4 iPlanet Web Server 4.1 SP3 iPlanet Web Server 4.1 SP2 iPlanet Web Server 4.1 SP13 iPlanet Web Server 4.1 SP12 iPlanet Web Server 4.1 SP11 iPlanet Web Server 4.1 SP10 iPlanet Web Server 4.1 SP1
Not Vulnerable:	iPlanet Web Server 6.0

iPlanet Web Server Search Module Cross-Site Scripting Vulnerability

iPlanet Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects all versions of iPlanet Web Server 4.

iPlanet Web Server Search Module Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspected victim to follow a malicious URI.

An example URI has been provided:

http://www.example.com/search?NS-max-records=[some number]"<script>

iPlanet Web Server Search Module Cross-Site Scripting Vulnerability

Solution:
The vendor has released iPlanet Web Server version 6.0.0 to address this issue; please contact the vendor for details regarding upgrades.

iPlanet Web Server Search Module Cross-Site Scripting Vulnerability

References:

• iPlanet Web Server Web Site (Sun)