SSL-Explorer Multiple Input Validation Vulnerabilities
BID:24319
Info
SSL-Explorer Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 24319 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2907 CVE-2007-5831 CVE-2007-5832 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Nov 15 2007 12:35AM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
3sp SSL-Explorer 0.1.16 |
| Not Vulnerable: |
3sp SSL-Explorer 0.2.15 3sp SSL-Explorer 0.2.14 |
Discussion
SSL-Explorer Multiple Input Validation Vulnerabilities
SSL-Explorer is prone to multiple input-validation vulnerabilities, including HTML-injection, cross-site scripting, and directory-traversal issues, because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.
SSL-Explorer is prone to multiple input-validation vulnerabilities, including HTML-injection, cross-site scripting, and directory-traversal issues, because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.
Exploit / POC
SSL-Explorer Multiple Input Validation Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
SSL-Explorer Multiple Input Validation Vulnerabilities
Solution:
The vendor released an update to address these issues. Please see the references for more information.
Solution:
The vendor released an update to address these issues. Please see the references for more information.
References
SSL-Explorer Multiple Input Validation Vulnerabilities
References:
References:
- SSL-Explorer 0.2.13 released (3sp)
- Vendor Homepage (3sp)