
Common Services Patch CSCsk69289 for what?

dainat-bis
Level 1

In the Cisco download area there is a new patch CSCsk69289 for Common Services Versions 3.0 and 3.1.

In the Readme file I found no explanation of what that patch is for, and in the Bug Toolkit the patch description is not visible.

What problem is fixed with this patch?


Joe Clarke
Cisco Employee

This fixes a cross-site scripting vulnerability in the login screen.

CS is vulnerable to Cross Site Scripting (XSS) attacks from the CiscoWorks Server login page, http://server-name:portnumber. In both Windows and Solaris, the port numbers are 1741 for normal access, and the secure port number is 443. Both the Windows and Solaris versions of the Cisco Works Server login page are affected.

The following versions of CiscoWorks Common Services for both Solaris and Windows operating systems are affected by this vulnerability:

* CiscoWorks Common Services 3.0.x
* CiscoWorks Common Services 3.1

Workaround:

There are no known workarounds for this vulnerability. Cisco recommends applying a point patch to address the vulnerability. The point patch can be downloaded from Cisco.com for both Solaris and Windows Operating Systems at:

http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-cd-one

Further Problem Description:

For additional information on XSS attacks and the methods used to exploit these vulnerabilities, please refer to the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors", which is available at the following link:

http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml.

Thanks for the Info.

David Stanford
Cisco Employee

Here are the release notes for this bug which explain what the patch is for:

Cisco PSIRT published a Cisco Security Response regarding a cross-site scripting (XSS) vulnerability in CiscoWorks Server login page.

This Cisco Security Response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml.

This vulnerability has been assigned CVE ID CVE-2007-5582.
