U-141: Sourcefire Defense Center Bugs

April 5, 2012 - 8:30am

PROBLEM:

Sourcefire Defense Center Bugs Let Remote Users Traverse the Directory, Access the Database, and Conduct Cross-Site Scripting Attacks

PLATFORM:

Version(s): prior to 4.10.2.3

ABSTRACT:

Several vulnerabilities were reported in Sourcefire Defense Center. A remote user can conduct cross-site scripting attacks. A remote user can access the database. A remote user can view files on the target system.

REFERENCE LINKS:

Original Advisory
Security Tracker ID 1026890
Secunia Advisory 48667

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Sourcefire Defense Center interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The system uses common default database credentials. If access to port 3306 has been opened, a remote user can log in to the database with those credentials.

A remote user can download certain files from the web server's document directory.

Impact:

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Sourcefire Defense Center interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:

The vendor has issued a fix (4.10.2.3).
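
A defender-side check built from the two specifics in this bulletin (fixed release 4.10.2.3, database port 3306), added here as an example and not part of the original advisory or any Sourcefire tooling. The inventory entries and function names are assumptions; the script only compares version strings and tests whether a TCP connection to port 3306 completes, and never attempts a database login.

```python
import socket

FIXED_VERSION = (4, 10, 2, 3)   # fixed release named in this bulletin
MYSQL_PORT = 3306               # database port named in this bulletin


def parse_version(text):
    """Turn '4.10.2.3' into (4, 10, 2, 3); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def is_prior_to_fix(version_text):
    """True when the reported version sorts before 4.10.2.3."""
    return parse_version(version_text) < FIXED_VERSION


def port_reachable(host, port=MYSQL_PORT, timeout=2.0):
    """True when a TCP connection to host:port completes from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unroutable all count as not reachable.
        return False


def audit(inventory, probe=port_reachable):
    """Return (name, needs_upgrade, db_port_exposed) for each appliance.

    inventory is a list of (name, host, version) tuples taken from your own
    asset records (hypothetical format, not a Sourcefire export).
    """
    findings = []
    for name, host, version in inventory:
        findings.append((name, is_prior_to_fix(version), probe(host)))
    return findings


if __name__ == "__main__":
    # Constructed sample entry; replace with appliances you administer.
    sample = [("dc-lab", "127.0.0.1", "4.10.2.1")]
    for name, needs_upgrade, exposed in audit(sample):
        print(f"{name}: upgrade_needed={needs_upgrade} port_3306_reachable={exposed}")
```

Run it from the network segments that should not be able to reach the database; an appliance that is both below 4.10.2.3 and reachable on 3306 is the first to patch and firewall.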