Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability

Bugtraq ID:	9928
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 19 2004 12:00AM
Updated:	Mar 19 2004 12:00AM
Credit:	This issue was disclosed in the referenced vendor advisory.
Vulnerable:	Tarantella Enterprise 3 3.40
Not Vulnerable:

Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability

Reportedly the 'ttacab.cgi' script bundled with Tarantella Enterprise 3 is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to sufficiently sanitize user supplied URI input.

This issue may be leveraged to steal cookie based authentication credentials, other attacks are possible as well.

Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue.

Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability

Solution:
The vendor has released fixes for this issue in the form of an updated script.


Tarantella Enterprise 3 3.40

• Tarantella ttacab.cgi.gz
  http://www.tarantella.com/tarantella_downloads/Tarantella.E3/cgi.60539 3/ttacab.cgi.gz

Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability

References:

• Tarantella Enterprise 3 (Tarantella)
  
• Tarantella Security Bulletin #09 (Tarantella)