Apple WebObjects Unspecified Cross Site Scripting Vulnerability
BID:50679
Info
Apple WebObjects Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 50679 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-3998 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2011 12:00AM |
| Updated: | Nov 15 2011 12:00AM |
| Credit: | Daiki Fukumori of Cyber Defense Institute |
| Vulnerable: |
Apple WebObjects 5.1.4 Apple WebObjects 5.1.3 Apple WebObjects 5.1.2 Apple WebObjects 5.2 Apple WebObjects 5.1 Apple WebObjects 5.0 |
| Not Vulnerable: | |
Discussion
Apple WebObjects Unspecified Cross Site Scripting Vulnerability
Apple WebObjects is prone to an unspecified cross-site scripting vulnerability.
Successful exploits will allow attacker-supplied script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Apple WebObjects 5.2 and prior are vulnerable.
Apple WebObjects is prone to an unspecified cross-site scripting vulnerability.
Successful exploits will allow attacker-supplied script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Apple WebObjects 5.2 and prior are vulnerable.
Exploit / POC
Apple WebObjects Unspecified Cross Site Scripting Vulnerability
Attackers can exploit this issue using a browser.
Attackers can exploit this issue using a browser.
Solution / Fix
Apple WebObjects Unspecified Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
Apple WebObjects Unspecified Cross Site Scripting Vulnerability
References:
References: