TITLE:
BlueDragon Server Cross-Site Scripting and Denial of Service

SECUNIA ADVISORY ID:
SA19180

VERIFY ADVISORY:
http://secunia.com/advisories/19180/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

SOFTWARE:
BlueDragon Server 6.x
http://secunia.com/product/10621/
BlueDragon Server JX 6.x
http://secunia.com/product/10622/

DESCRIPTION:
Secunia Research has discovered two vulnerabilities in BlueDragon
Server/Server JX, which can be exploited by malicious people to
conduct cross-site scripting attacks and cause a DoS (Denial of
Service).

1) An error exists within the handling of HTTP requests containing an
MS-DOS device name with the ".cfm" extension. This can be exploited
to cause the service to stop responding to requests for ".cfm" files.

Examples:
http://[host]/con.cfm
http://[host]/aux.cfm
http://[host]/com1.cfm
http://[host]/com2.cfm

Successful exploitation using com1.cfm and com2.cfm requires that the
system has serial ports installed.

The vendor has reported that the "cfml" extension is also affected.

2) Input passed in the URL is not properly sanitised before being
returned to the user in the default error page. This can be exploited
to execute arbitrary HTML and script code in a user's browser session
in context of an affected site.

Examples:
http://[host]/[code].cfm
http://[host]/[code].cfml

The vulnerabilities have been confirmed in the following versions:
* BlueDragon Server for Windows version 6.2.1.286 with IIS 5.0
  connector installed.
* BlueDragon Server JX for Windows version 6.2.1.286 with IIS 5.0
  connector installed.

SOLUTION:
Filter malicious characters and character sequences in a proxy or
firewall with URL filtering capabilities.

The vendor will reportedly release a fix in June. This has not been
confirmed.

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2006-18/
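
ADDED EXAMPLE (not part of the Secunia advisory or of BlueDragon):
A sketch of the URL filtering the SOLUTION section recommends, as logic a proxy hook could apply to the request target. The function names, the reason strings and the sample requests are assumptions made for illustration. It generalises the four device names shown above to the full set of Windows reserved device names, and checks only the path, as in the advisory's examples.

```python
import re
from urllib.parse import unquote

# Windows reserved device names; a superset of con/aux/com1/com2 above.
DEVICE_NAMES = {"con", "prn", "aux", "nul"} | {
    f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)
}
CFML_EXT = re.compile(r"\.cfml?$", re.IGNORECASE)   # .cfm and .cfml
MARKUP_CHARS = re.compile(r"[<>\"'`]")              # would reach the error page


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen decoded."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def block_reason(request_target):
    """Return why a request should be rejected, or None to let it through."""
    path = decode_fully(request_target.partition("?")[0])
    # Windows ignores trailing dots and spaces, so strip them before matching.
    segments = [s.rstrip(" .") for s in re.split(r"[/\\]", path) if s]
    cfml_segments = [s for s in segments if CFML_EXT.search(s)]
    if not cfml_segments:
        return None  # not a request for the affected extensions
    for seg in cfml_segments:
        # "con.cfm" and "con.x.cfm" both name the CON device.
        if seg.split(".", 1)[0].strip().lower() in DEVICE_NAMES:
            return "device-name"
    if MARKUP_CHARS.search(path):
        return "markup-in-path"
    return None


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for target in ("/con.cfm", "/AUX.CFML", "/%253Cb%253E.cfm",
                   "/console.cfm", "/index.cfm?id=5"):
        print(f"{target:22} -> {block_reason(target)}")
```

Requests for which block_reason() returns a value should be answered by the proxy itself (for example with a 400) rather than forwarded to the IIS connector.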