Home page logo
/

bugtraq logo Bugtraq mailing list archives

XSS In Neoteris IVE Allows Session Hijacking
From: Dave Palumbo <dpalumbo () yahoo com>
Date: Mon, 12 May 2003 20:49:58 -0700 (PDT)

Note to Moderator:

In light of some recent cross-site scripting posts allowed through to Bugtraq recently, grateful
if you would pass this one onto the list....thanks.  -d.

----------------------------------------------------------------------------------------------------=<sMax.
Security Advisory>=- 

Advisory Title: Cross-Site Scripting (XSS) in Neoteris IVE Allows Session Hijacking 
Release Date: May 13, 2003 
Product: Neoteris Instant Virtual Extranet (IVE), Versions 3.01 and Prior 
Overall Risk: Medium 
CVE Candidate: CAN-2003-0217 
---------------------------------------------------------------------------------------------------

PRODUCT OVERVIEW: 

Neoteris Instant Virtual Extranet (IVE) is an appliance-based remote access solution that is 
accessed via a standard web browser. The Neoteris IVE is one of the more well known "clientless 
VPN" solutions, and in fact boasts an impressive, growing list of customers (see 
http://www.neoteris.com for more information). Once authenticated to the remote network via the 
IVE, a user can theoretically access all internal resources, provided the Neoteris box is 
configured accordingly. 

Quoting from the company website, "The Neoteris IVE has always provided a means to remote access 
with a dramatically lower Total Cost of Ownership vs. traditional methods like VPN or dial. The 
IVE also enhances security, by eliminating open-ended, network layer connections. The security of 
the IVE has been verified by a several well-known independent security authorities." 

VULNERABILITY: 

A cross-site scripting (XSS) vulnerability exists in Neoteris IVE v3.01 and prior. An argument 
passed to a CGI script does not properly validate input. It has been confirmed that exploiting 
this vulnerability can lead to a legitimate user's session being hijacked, bypassing any 
authentication. 

SOLUTION: 

I would like to thank Neoteris for their cooperation in developing a remediation for this 
vulnerability. A patch has been released for v3.01 and prior. In addition, this issue has been 
fixed in v3.1. Patch and new version release information is available for customers at 
https://support.neoteris.com. 

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0217 to this

issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which 
standardizes names for security problems. 

Special thanks to DW (shall I say greetz?) for his invaluable help with these issues. 

- Dave Palumbo 

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com


  By Date           By Thread  

Current thread:
  • XSS In Neoteris IVE Allows Session Hijacking Dave Palumbo (May 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault