GEN:SID | 1:1735 |
Message | WEB-CLIENT XMLHttpRequest attempt |
Summary | This event is generated when a client on the protected network has possibly visited a website containing a malicious link leading to disclosure of information on the client.
|
Impact | Information disclosure.
|
Detailed Information | Certain versions of Mozilla, Netscape and other browsers based on these may allow a malicious link to reveal information about the files and filesystem on a host.
HTTP redirects are mishandled by the XMLHttpRequest object in some browsers, this may allow a malicious web server to retrieve information from the client host if the redirect points to a local file.
|
Affected Systems | Eazel Nautilus 1.0.4 Galeon 1.2 and 1.2.1 Mozilla versions 0.9.7 to 1.0 RC1 Netscape versions 6.1 to 6.2.2
|
Attack Scenarios | A devious website admin creates a webpage with malicious code and obtains sensitive information from a visiting user's web browser about any file or filesystem on the host he wishes.
|
Ease of Attack | Simple
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/4628
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354
|
Rule References | bugtraq: 4628
cve: 2002-0354
|