Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1735 |
Message | WEB-CLIENT XMLHttpRequest attempt |
Summary | This event is generated when a client on the protected network may have visited a website containing a malicious link that leads to disclosure of information from the client. |
Impact | Information disclosure. |
Detailed Information | Certain versions of Mozilla, Netscape and other browsers based on them may allow a malicious link to reveal information about files and the filesystem on a host. The XMLHttpRequest object in some browsers mishandles HTTP redirects; a malicious web server can use this to retrieve information from the client host when the redirect points to a local file. |
Affected Systems | Eazel Nautilus 1.0.4; Galeon 1.2 and 1.2.1; Mozilla versions 0.9.7 to 1.0 RC1; Netscape versions 6.1 to 6.2.2 |
Attack Scenarios | A malicious website administrator creates a web page containing malicious code and obtains sensitive information from a visiting user's web browser about any file or filesystem on the host that the administrator chooses. |
Ease of Attack | Simple |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/4628 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354 |
Rule References | bugtraq: 4628 cve: 2002-0354 |
--
DID:447208