HP's Arcsight Connector appliance v188.8.131.5244.0 and Arcsight Logger appliance v184.108.40.20688.0 (and possibly other versions) contain a file import facility which is vulnerable to cross-site scripting (XSS).
A remote attacker may, by luring a user into importing a malicious host file, be able to disclose sensitive information, steal user cookies, or escalate privileges.
The vendor's HPSBMU02836 SSRT101056 security advisory states: HP has provided HP ArcSight Connector Appliance v6.4 and HP ArcSight Logger v5.3 to resolve these issues. Please contact HP support to receive updates.
Do not import host file from untrusted sources
Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2012-08-06|
|Date Last Updated:||2013-02-15 13:28 UTC|