Vulnerability Alert
Symantec
SilverStripe Multiple Cross-Site Scripting Vulnerabilities
Bugtraq ID: 50063
Threat Breakdown
Credibility: Single Source
Ease of Exploit: 8
Impact: 4
Severity: 6.1
Synopsis
Urgency Rating: 6.1
CVSS Version: 2
CVSS2 Base: 5.8
CVSS2 Temporal: 5
CVE-MAP-NOMATCH
Published: Oct 11 2011
Classification: Input Validation Error
Remote: Yes
Local: No
Availability: User Initiated
Authentication: Not Required
Ease: Exploit Available
Last Update: 10/11/2011 7:12:43 PM GMT
Last Change: Initial analysis.
CVE
CVSS Version 2
CVSS2 Base: 5.8
CVSS2 Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS2 Temporal: 5
CVSS2 Temporal Vector: E:F/RL:U/RC:UC
NVD CVSS2 BaseScore: 4.3
NVD CVSS2 Component String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Version 1
CVSS1 Base: 3.7
CVSS1 Temporal: 3.2
Vulnerable Systems
SilverStripe SilverStripe 2.4.5 cpe:/a:silverstripe:silverstripe:2.4.5 SYMC
Short Summary
SilverStripe is prone to multiple cross-site scripting vulnerabilities.
Impact
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the
context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch
other attacks.
Technical Description
SilverStripe is an open source content management system.
The application is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input
passed through the following URIs:
'admin/reports'
'admin/comments'
'admin'
'admin/show/4'
'admin/show/2'
'admin/show/root'
'admin/show/3'
'admin/show'
'admin/assets'
'admin/show/1'
'admin/show/5'
'admin/security'
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the
context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch
other attacks.
SilverStripe 2.4.5 is vulnerable; other versions may also be affected.
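Added example, not part of the Symantec alert or of SilverStripe: a log check that flags requests to the URIs listed above whose percent-decoded target contains HTML markup characters. It assumes the site is served from the web root and that the web server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# URIs listed in the alert's Technical Description.
ADVISORY_URIS = [
    "admin", "admin/reports", "admin/comments", "admin/assets",
    "admin/security", "admin/show", "admin/show/root", "admin/show/1",
    "admin/show/2", "admin/show/3", "admin/show/4", "admin/show/5",
]
MARKUP = re.compile(r"[<>\"']")  # characters needed to break out of HTML context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Oct/2011:19:20:01 +0000] "GET /admin/reports/%3Cscript%3Ex HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Oct/2011:19:20:05 +0000] "GET /admin/show/root HTTP/1.1" 200 7340',
    '203.0.113.9 - - [11/Oct/2011:19:21:10 +0000] "GET /admin/show/3/%2522%253E HTTP/1.1" 200 4100',
    '203.0.113.9 - - [11/Oct/2011:19:21:12 +0000] "GET /about-us/?q=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still detected."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def match_advisory_uri(path):
    """Return the longest listed URI that the path equals or sits under."""
    path = path.lstrip("/")
    hits = [u for u in ADVISORY_URIS if path == u or path.startswith(u + "/")]
    return max(hits, key=len) if hits else None

def flag_requests(log_lines):
    """Return (listed URI, decoded target) for in-scope requests carrying markup."""
    flagged = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = fully_decode(m.group(1))
        uri = match_advisory_uri(target.split("?", 1)[0])
        if uri and MARKUP.search(target):
            flagged.append((uri, target))
    return flagged
```

Calling flag_requests(SAMPLE_LOG) reports the first and third lines; the clean admin request and the request outside the listed URIs are ignored.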
Attack Scenarios
1. An attacker scans for and locates a site running the affected application.
2. The attacker crafts a URI that includes malicious script code to leverage any of the issues.
3. The attacker uses email or some other means to distribute the malicious link and entice an unsuspecting user to
follow it.
4. When the user follows the link, the attacker-specified script code runs in their browser in the context of the affected
site.
A successful exploit will allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploits
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example is available:
Stefan Schurtz 2011-10-11 00:00:00Z
http://downloads.securityfocus.com/vulnerabilities/exploits/50063.txt
Mitigating Strategies
Block external access at the network boundary, unless external parties require service.
If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to
only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
Run all software as a nonprivileged user with minimal access rights.
Attackers may successfully exploit client flaws in the browser through cross-site scripting vulnerabilities. When
possible, run client software as regular user accounts with limited access to system resources. This may limit the
immediate consequences of client-side vulnerabilities.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to websites that are provided by unfamiliar or suspicious sources.
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Set web browser security to disable the execution of script code or active content.
Since exploiting cross-site scripting issues often requires the execution of malicious script code in web clients,
consider disabling script code and active content support within a client browser as a way to prevent a successful
exploit. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of
browser-based script code.
Solutions
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent
information, please mail us at: vuldb@securityfocus.com.
Credit
Stefan Schurtz
References
Advisory: SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities (Stefan Schurtz)
http://www.rul3z.de/advisories/SSCHADV2011-024.txt
SilverStripe 2.4.5 Multiple backend Cross-site scripting (sschurtz@t-online.de)
http://www.securityfocus.com/archive/1/201110080822.p988MCbu025404@sf01web2.securityfocus.com
Web Page: SilverStripe Homepage (SilverStripe)
http://www.silverstripe.com
Change Log
2011.10.11: Initial analysis.
URL
https://alerts.symantec.com/loaddocument.aspx?GUID=d3c2871c-f066-41c9-8208-942c79f84d0a
SilverStripe Multiple Cross-Site Scripting Vulnerabilities
Create Date 10/11/2011 7:15:13 PM GMT