Detections
Analytics

ViewVC Invalid Parameter Arbitrary HTML Injection

medium Nessus Plugin ID 42348

Language:

Synopsis

An application running on the remote web server has an HTML injection vulnerability.

Description

The version of ViewVC hosted on the remote host is vulnerable to a HTML injection attack. Requesting a URL with an invalid parameter name in the query string generates an error message that echoes back the parameter name. Any URLs included in the invalid parameter name become hyperlinks. A remote attacker could trick a user into requesting a malicious URL to facilitate a social engineering attempt.

According to some reports, there is also an unrelated cross-site scripting issue in this version of ViewVC, though Nessus has not checked for that.

Solution

Upgrade to ViewVC 1.0.9 or later.

See Also

http://www.nessus.org/u?846e7b9b

http://www.nessus.org/u?66b6cc34

Plugin Details

Severity: Medium

ID: 42348

File Name: viewvc_invalid_param_injection.nasl

Version: 1.18

Type: remote

Published: 11/3/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:viewvc:viewvc

Required KB Items: www/viewvc

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2009

Vulnerability Publication Date: 7/6/2009

Reference Information

BID: 36035

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990