csrf & xss issue (resulting from csrf).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cherokee (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: cherokee
The cherokee admin server is vulnerable to csrf.
Using csrf it is possible to produce a persistent xss in several pages - including the 'status' page via the 'nickname field' of a vserver.
An example of this is the following:
<html>
<body>
<form action="http://
<input type="text" name="tmp!
<input type="text" name="tmp!new_nick" value='" onselect=alert(1) autofocus> <embed src="javascript
</form>
<script>
</body>
A Worst case scenario could be something like the following:
If a user is logged in and the cherokee admin server is running on localhost:9090 then if they visit a $bad page - the bad page may be able to send requests to the server so as to reconfigure it to:
1. run as root
2. the logging of error(or access) will run a command ...
CVE References
Changed in cherokee (Ubuntu): | |
status: | New → Confirmed |
visibility: | private → public |
minor fixy