GForge Advanced Server Multiple Security Vulnerabilities
BID:51912
Info
| Bugtraq ID: | 51912 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1061 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Reported by the vendor and Mateusz Krzeszowiec |
| Vulnerable: | GForge GForge Advanced Server 6.0 |
| Not Vulnerable: | GForge GForge Advanced Server 6.0.1 |
Discussion
GForge Advanced Server is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a security-bypass vulnerability, multiple cross-site scripting vulnerabilities, and an SQL-injection vulnerability.
Successful exploits will allow an attacker to steal cookie-based authentication credentials, bypass security restrictions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GForge Advanced Server 6.0.0 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues with a browser. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- GForge Homepage (GForge)
- GForge Advanced Server 6.0.1 Released! (GForge)