GEN:SID | 1:2198 |
Message | WEB-CGI cvslog.cgi access |
Summary | This event is generated when an attempt is made to access cvslog.cgi on an internal web server. This may indicate an attempt to exploit a cross-site scripting vulnerability in Mozilla Bonsai 1.3.
|
Impact | Arbitrary code execution, possible session hijack.
|
Detailed Information | Mozilla Bonsai, a CVS query tool, contains an information disclosure vulnerability in cvslog.cgi. An attacker can discover the location of the Mozilla Bonsai application by sending a malformed request to the application, which produces an error. The error message shows the full path of the cvslog.cgi file, providing the attacker with information about the server directory structure.
|
Affected Systems | Any system running Mozilla Bonsai 1.3.
|
Attack Scenarios | An attacker sends an erroneous request to cvslog.cgi on the Bonsai server. The error message returns the full path of the script, allowing the attacker to discover more information about the server directory structure for possible use in later attacks.
|
Ease of Attack | Simple. Proof of concept exists.
|
Corrective Action | Upgrade to a newer build of Mozilla Bonsai 1.3.
If you are running Mozilla Bonsai on Debian 3.0, Debian has provided patches at http://security.debian.org/pool/updates/main/b/bonsai/.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/5517
|
Rule References | bugtraq: 4579
bugtraq: 5517
cve: 2003-0153
nessus: 11748
|