|
|
Family: CGI abuses --> Category: attack
Google Search Appliance proxystylesheet Parameter Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for proxystylesheet parameter multiple vulnerabilities in Google Search Appliance
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by multiple flaws.
Description :
The remote Google Search Appliance / Mini Search Appliance fails to
sanitize user-supplied input to the 'proxystylesheet' parameter, which
is used for customization of the search interface. Exploitation of
this issue may lead to arbitrary code execution (as an unprivileged
user), port scanning, file discovery, and cross-site scripting.
See also :
http://metasploit.com/research/vulns/google_proxystylesheet/
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038940.html
Solution :
Contact Google for a fix.
Threat Level:
Medium / CVSS Base Score : 4.9
(AV:L/AC:L/Au:NR/C:P/I:P/A:P/B:I)
Click HERE for more information and discussions on this network vulnerability scan.
|
