12-05-2007 01:38 AM
In the Cisco download area there is a new patch CSCsk69289 for Common Services Versions 3.0 and 3.1.
In the Readme file I found no explanation of what that patch is, and in the Bug Toolkit the patch description is not visible.
What problem is fixed with this patch?
12-05-2007 08:10 AM
This fixes a cross-site scripting vulnerability in the login screen.
CS is vulnerable to Cross Site Scripting (XSS) attacks from the CiscoWorks
Server login page, http://server-name:portnumber. In both Windows and Solaris,
the port numbers are 1741 for normal access, and the secure port number is 443.
Both the Windows and Solaris versions of the Cisco Works Server login page are
affected.
The following versions of CiscoWorks Common Services for both Solaris and
Windows operating systems are affected by this vulnerability:
* CiscoWorks Common Services 3.0.x
* CiscoWorks Common Services 3.1
Workaround:
There are no known workarounds for this vulnerability. Cisco recommends
applying a point patch to address the vulnerability. The point patch can be
downloaded from Cisco.com for both Solaris and Windows Operating Systems at:
http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-cd-one
Further Problem Description:
For additional information on XSS attacks and the methods used to exploit
these vulnerabilities, please refer to the Cisco Applied Mitigation Bulletin
"Understanding Cross-Site Scripting (XSS) Threat Vectors", which is available
at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml.
12-05-2007 11:59 AM
Thanks for the Info.
12-05-2007 08:10 AM
Here are the release notes for this bug which explain what the patch is for:
Cisco PSIRT published a Cisco Security Response regarding a cross-site
scripting (XSS) vulnerability in CiscoWorks Server login page.
This Cisco Security Response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml.
This vulnerability has been assigned CVE ID CVE-2007-5582.