HTTP Host header attacks against web proxy disclaimer response webpage CVE-2017-14190

-

HTTP Host header attacks against web proxy disclaimer response webpage

Summary

The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim.
In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent.

Impact

Persistent Cross-site Scripting (XSS)

CVE ID CVE-2017-14190

Affected Products

FortiOS 5.6.0 to 5.6.2
FortiOS 5.4.0 to 5.4.7
FortiOS 5.2 and lower versions.

Solutions

FortiOS 5.6 branch: Upgrade to 5.6.3
FortiOS 5.4 branch: Upgrade to 5.4.8
FortiOS 5.2 and lower versions: Upgrade to branch 5.4 or above, or resort to Workarounds below.
Workarounds:
In System->Replacement Messages->Web-proxy->"Web-proxy HTTP Error Page", remove the following default message content:
              URL: %%PROTOCOL%%://%%URL%%

Comments

Post a Comment

Popular posts from this blog

VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability (CVE-2021-22034)

-
  1. Impacted Products VMware vRealize Operations Tenant App for VMware Cloud Director 2. Introduction An information disclosure vulnerability in VMware vRealize Operations Tenant App for VMware Cloud Director was privately reported to VMware. Patch is available to address this vulnerability in impacted VMware products.  3. Information Disclosure Vulnerability in VMware vRealize Operations Tenant App for VMware Cloud Director (CVE-2021-22034) Description T...
Read more

TYPO3 CMS is vulnerable to SQL injection. CVE-2019-19850

-
It has been discovered that TYPO3 CMS is vulnerable to SQL injection. Component Type: TYPO3 CMS Subcomponent: Query Generator (ext:lowlevel) Release Date: December 17, 2019 Vulnerability Type: SQL Injection Affected Versions: 8.0.0-8.7.29 and 9.0.0-9.5.11 and 10.0.0-10.2.0 Severity: Medium Suggested CVSS v3.1:   AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C CVE:   CVE-2019-19850 Problem Description Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection. Having system extension ext:lowlevel installed and a valid backend user having administrator privileges are required to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.30 or 9.5.12 or 10.2.2 that fix the problem described. Credits Thanks to Dhiraj Shrikant Datar ( Zacco CyberSecurity Research Labs ) who reported this issue and to TYPO3 framework merger Frank Nägler  who fixed the issue. General Advice Follo...
Read more