search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HP ArcSight Connector Appliance XSS vulnerability

Vulnerability Note VU#122054

Original Release Date: 2011-07-15 | Last Revised: 2011-07-15

Overview

ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).

Description

Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for "Microsoft OS Version". In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again.

For example, the following javascript code can be injected into the "Windows XP" variable of the exported file:

...,"Windows XP<script> alert('XSS')</script>","en_US"

Impact

An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.

Solution

Apply an Update
ArcSight Connector Appliance version 6.1 addresses this vulnerability.

Vendor Information

122054
 
Affected   Unknown   Unaffected

Hewlett-Packard Company

Notified:  April 29, 2011 Updated:  June 28, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-0770
Severity Metric: 4.59
Date Public: 2011-07-15
Date First Published: 2011-07-15
Date Last Updated: 2011-07-15 16:21 UTC
Document Revision: 24

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.