Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1841 |
| Message | WEB-CLIENT Javascript URL host spoofing attempt |
| Summary | This event is generated when a client on the protected network has possibly visited a website containing malicious javascript code. |
| Impact | Minimal |
| Detailed Information | Certain versions of Mozilla and Netscape may allow script code to access local cookie data. By accessing a maliciously coded webpage, a users cookie data from any domain may be viewed by the website's administrator. |
| Affected Systems | Mozilla versions prior to 1.0.1 Netscape versions prior to 6.2.1 |
| Attack Scenarios | A devious website admin creates a webpage with malicious code and obtains sensitive cookie data from a visiting user's web browser about any domain he wishes. |
| Ease of Attack | Simple |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/5293 |
| Rule References | bugtraq: 5293 |
--
DID:291345
--
http://www.aanval.com/