English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

RSA NetWitness Informer Clickjacking and Cross-Site Request Forgery Vulnerabilities


Secunia ID

SA51483

CVE-ID

CVE-2012-4608, CVE-2012-4609

Release Date

04 Dec 2012

Criticality

Less Critical

Solution Status

Vendor Patch

Software

NetWitness Informer 2.x

Where

From remote

Impact
Cross-Site Scripting

Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.

Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".

Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.

Description

Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.

1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions if a logged-in user visits a malicious web site.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into clicking a specially crafted link via clickjacking.

The vulnerabilities are reported in versions prior to 2.0.5.6.

Solution

Update to version 2.0.5.6.

Reported by

Reported by the vendor.

Original Advisory

EMC:
http://archives.neohapsis.com/archives/bugtraq/2012-12/att-0002/ESA-2012-052.txt