[Openvas-plugins] gb_mort_bay_jetty_mult_xss_vuln.nasl
Michael Meyer
michael.meyer at greenbone.net
Wed Feb 1 09:20:44 CET 2012
*** Sébastien AUCOUTURIER <s.aucouturier at itrust.fr> wrote:
> This plugin refers to CVE-2009-4612,
> an XSS vulnerability for Jetty version 6.0.x to 6.1.21.
>
> The plugin first,
>
> (1)
> - tries the XSS and checks the return;
> if it matches, it 'warning_exit'
Strange... the first part only runs if "safe checks" are disabled. That
makes no sense in this case.
> (2)
> - it checks the version of Jetty;
> if it matches 6.0.x to 6.1.21, it 'warning_exit'
>
>
> Why does the plugin not test (2) first, exit if it does not match,
> and then do (1)?
>
> Because (1) can easily be a false positive; as an example, my server returns:
>
> No topic found for "jspsnoop<script>alert(123)<script>"
>
> that of course matches ... and my server is Jetty 7.5.4, so not vulnerable
> to this CVE.
Yes, the pattern for a successful XSS is not very good in this NVT.
Thanks for pointing this out. I'll take care of this.
Micha
--
Michael Meyer OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
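
Added example, not part of the original messages and not the OpenVAS plugin's own code: a Python sketch of the check ordering discussed in this thread, with the version test (2) gating the reflection test (1). The function names, verdict strings and Server header values are assumptions made for illustration; the response body is the one quoted in the thread. It addresses the ordering only and keeps a plain substring match for the reflection.

```python
import re

# Affected range for CVE-2009-4612 as given in the thread: Jetty 6.0.x to 6.1.21.
AFFECTED_MIN = (6, 0, 0)
AFFECTED_MAX = (6, 1, 21)


def parse_jetty_version(server_header):
    """Extract (major, minor, patch) from a Server header, or None if absent."""
    m = re.search(r"Jetty[(/](\d+)\.(\d+)(?:\.(\d+))?", server_header or "", re.I)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def naive_verdict(body, payload):
    """Order criticised in the thread: any echo of the payload is reported."""
    return "vulnerable" if payload in body else "not_detected"


def gated_verdict(server_header, body, payload, safe_checks=True):
    """Version check (2) first; the reflection test (1) only refines a match."""
    version = parse_jetty_version(server_header)
    if version is None:
        return "inconclusive"      # no Jetty banner: do not guess
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not_affected"      # e.g. Jetty 7.5.4, whatever the body echoes
    if safe_checks or body is None:
        return "version_match"     # reported on the version alone
    return "confirmed" if payload in body else "version_match"


# Constructed sample data; BODY_7 is the response quoted in the thread.
PAYLOAD = "jspsnoop<script>alert(123)<script>"
BODY_7 = 'No topic found for "jspsnoop<script>alert(123)<script>"'
HEADER_7 = "Jetty(7.5.4.v20111024)"   # assumed banner format
HEADER_6 = "Jetty(6.1.21)"            # assumed banner format

if __name__ == "__main__":
    print(naive_verdict(BODY_7, PAYLOAD))                                # vulnerable
    print(gated_verdict(HEADER_7, BODY_7, PAYLOAD, safe_checks=False))   # not_affected
    print(gated_verdict(HEADER_6, BODY_7, PAYLOAD, safe_checks=False))   # confirmed
```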