Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1841 |
Message | WEB-CLIENT Javascript URL host spoofing attempt |
Summary | This event is generated when a client on the protected network has possibly visited a website containing malicious javascript code. |
Impact | Minimal |
Detailed Information | Certain versions of Mozilla and Netscape may allow script code to access local cookie data. By accessing a maliciously coded webpage, a users cookie data from any domain may be viewed by the website's administrator. |
Affected Systems | Mozilla versions prior to 1.0.1 Netscape versions prior to 6.2.1 |
Attack Scenarios | A devious website admin creates a webpage with malicious code and obtains sensitive cookie data from a visiting user's web browser about any domain he wishes. |
Ease of Attack | Simple |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/5293 |
Rule References | bugtraq: 5293 |
--
DID:291345
--
http://www.aanval.com/