Firewall-1 HTML Script Tag Bypass Vulnerability

vendor:

Firewall-1

by:

SecurityFocus

7.5

CVSS

HIGH

Bypass vulnerability

CWE

Product Name: Firewall-1

Affected Version From: 3

Affected Version To: 3.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Firewall-1 HTML Script Tag Bypass Vulnerability

Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. In version 3, this function can be bypassed by adding an extra opening angle bracket. The tag will be left unmodified, and the browser will be able to execute the contained script. Hostile script could lead to a remote compromise of the client system.

Mitigation:

Upgrade to Firewall-1 version 4 or later.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/954/info

Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3, this function can be bypassed by adding an extra opening angle bracket. The tag will be left unmodified, and the browser will be able to execute the contained script. Hostile script could lead to a remote compromise of the client system.

Firewall-1 version 4 will alter the tag as expected. 

<html>
<<script language="javascript">
alert("<<script> tag succesfully passed!")
</script>
Click <A HREF="/vdb/bottom.html?section=exploit&vid=954">here</A> to return to vulnerability listing.
</html>