Cisco Support Community
New Member

Common Services Patch CSCsk69289 for what ?

In the Cisco download area there is a new patch, CSCsk69289, for Common Services versions 3.0 and 3.1.

In the Readme file I found no explanation of what that patch is for, and in the Bug Toolkit the patch description is not visible.

What problem is fixed with this patch?

3 REPLIES
Cisco Employee

Re: Common Services Patch CSCsk69289 for what ?

This fixes a cross-site scripting vulnerability in the login screen.

CS is vulnerable to Cross Site Scripting (XSS) attacks from the CiscoWorks Server login page, http://server-name:portnumber. In both Windows and Solaris, the port numbers are 1741 for normal access, and the secure port number is 443. Both the Windows and Solaris versions of the Cisco Works Server login page are affected.

The following versions of CiscoWorks Common Services for both Solaris and Windows operating systems are affected by this vulnerability:

* CiscoWorks Common Services 3.0.x

* CiscoWorks Common Services 3.1

Workaround:

There are no known workarounds for this vulnerability. Cisco recommends applying a point patch to address the vulnerability. The point patch can be downloaded from Cisco.com for both Solaris and Windows Operating Systems at:

http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-cd-one

Further Problem Description:

For additional information on XSS attacks and the methods used to exploit these vulnerabilities, please refer to the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors", which is available at the following link:

http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml.

New Member

Re: Common Services Patch CSCsk69289 for what ?

Thanks for the Info.

Cisco Employee

Re: Common Services Patch CSCsk69289 for what ?

Here are the release notes for this bug which explain what the patch is for:

Cisco PSIRT published a Cisco Security Response regarding a cross-site scripting (XSS) vulnerability in CiscoWorks Server login page.

This Cisco Security Response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml.

This vulnerability has been assigned CVE ID CVE-2007-5582.
