Vigil@nce: Blue Coat SG WebFilter, Cross Site Scripting of ICAP patience
October 2008 by Vigil@nce
SYNTHESIS
An attacker can force the victim to download a big file in order
to create a Cross Site Scripting on WebFilter.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 03/10/2008
IMPACTED PRODUCTS
– Blue Coat ProxySG
DESCRIPTION
When the user downloads a file, Blue Coat SG WebFilter displays
the "ICAP patience" page to inform that the file is being scanned.
The patience page uses the $(url) variable to indicate the current
url. However, this url is not filtered before being displayed.
An attacker can therefore force the victim to download a file with
a special url in order to create a Cross Site Scripting on
WebFilter.
CHARACTERISTICS
Identifiers: BID-31543, VIGILANCE-VUL-8145