Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1735 |
| Message | WEB-CLIENT XMLHttpRequest attempt |
| Summary | This event is generated when a client on the protected network has possibly visited a website containing a malicious link leading to disclosure of information on the client. |
| Impact | Information disclosure. |
| Detailed Information | Certain versions of Mozilla, Netscape and other browsers based on these may allow a malicious link to reveal information about the files and filesystem on a host. HTTP redirects are mishandled by the XMLHttpRequest object in some browsers, this may allow a malicious web server to retrieve information from the client host if the redirect points to a local file. |
| Affected Systems | Eazel Nautilus 1.0.4 Galeon 1.2 and 1.2.1 Mozilla versions 0.9.7 to 1.0 RC1 Netscape versions 6.1 to 6.2.2 |
| Attack Scenarios | A devious website admin creates a webpage with malicious code and obtains sensitive information from a visiting user's web browser about any file or filesystem on the host he wishes. |
| Ease of Attack | Simple |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/4628 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354 |
| Rule References | bugtraq: 4628 cve: 2002-0354 |
--
DID:447208
--
http://www.aanval.com/