Vulnerability Note VU#476267
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send data to. The malicious HTML can be embedded in documents such as an email message, web page, rich-text log or newsgroup posting.
This vulnerability has been called "cross-protocol scripting."
An intruder may be able to use this vulnerability to send mail (Spam), post News, get or send files from or to an FTP server, or send data to an HTTP server. It may even be possible to exploit a vulnerability in one of these services through this problem, though we are not certain of that at this time. For example, an intruder may be able to exploit this problem as a means of attacking a vulnerable web server that would ordinarily be protected by a firewall. Additionally, it may be possible for an intruder to cause denial-of-service conditions within the network by sending unexpected data to network services. This unexpected data may crash or hang the services receiving the data.
Upgrade your application according to your manufacturer's recommendations, if any. Additionally, do not rely solely on firewalls to provide a guarantee that an intruder can not reach a service. Keep internal systems up to date with respect to patches and workarounds.
If you are a vendor and your product is affected, let
us know.View More »
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||03 Aug 2001||16 Aug 2001|
|Netscape Communications Corporation||Affected||03 Aug 2001||16 Aug 2001|
|The SCO Group (SCO Linux)||Affected||03 Aug 2001||20 Aug 2001|
|FreeBSD, Inc.||Not Affected||03 Aug 2001||17 Aug 2001|
|Apple Computer, Inc.||Unknown||03 Aug 2001||15 Aug 2001|
|Berkeley Software Design, Inc.||Unknown||03 Aug 2001||15 Aug 2001|
|Cray Inc.||Unknown||03 Aug 2001||17 Aug 2001|
|DeC||Unknown||03 Aug 2001||15 Aug 2001|
|Fujitsu||Unknown||03 Aug 2001||17 Aug 2001|
|Hewlett-Packard Company||Unknown||03 Aug 2001||15 Aug 2001|
|MiT Kerberos Development Team||Unknown||03 Aug 2001||15 Aug 2001|
|Mozilla||Unknown||-||04 Feb 2008|
|NEC Corporation||Unknown||03 Aug 2001||15 Aug 2001|
|NetBSD||Unknown||03 Aug 2001||17 Aug 2001|
|OpenBSD||Unknown||03 Aug 2001||15 Aug 2001|
The CERT/CC thanks Jochen Topf for reporting this vulnerability. We would also like to thank Wietse Venema and Steve Bellovin for their assistance in understanding this vulnerability. Additionally Wietse Venema coined the name "cross-protocol scripting."
This document was written by Ian A. Finlay and Shawn V. Hernan.
15 Aug 2001
Date First Published:
16 Aug 2001
Date Last Updated:
04 Feb 2008
If you have feedback, comments, or additional information about this vulnerability, please send us email.