Vigil@nce: Symantec Reporting Server, message injection
April 2009 by Vigil@nce
An attacker can force the login page of Symantec Reporting Server
to display a malicious message.
– Severity: 1/4
– Consequences: data creation/edition
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 29/04/2009
IMPACTED PRODUCTS
– Symantec Antivirus
DESCRIPTION OF THE VULNERABILITY
The Symantec Reporting Server component is used by several
Symantec products to generate reports.
The authentication page of Symantec Reporting Server displays a
message to the user. However, this message is taken directly
from the URL.
An attacker can therefore supply their own message in the URL.
When the victim clicks on this URL, the attacker's message is
displayed on the Symantec Reporting Server site, which can
deceive the victim. This vulnerability can, for example, be used
for a phishing attack.
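To illustrate the flaw class described above, here is an added example (not Symantec's code): a login page that echoes a message taken from the URL, next to a hardened version that lets the URL select only a server-side message code and escapes the result. The parameter name `msg`, the message catalogue and the sample links are assumptions constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Fixed, server-side catalogue of login-page messages keyed by a short code.
# The text shown to the user never originates from the request itself.
MESSAGES = {
    "logged_out": "You have been logged out.",
    "session_expired": "Your session has expired. Please sign in again.",
    "bad_credentials": "Invalid user name or password.",
}
DEFAULT_MESSAGE = ""


def _msg_param(url: str) -> str:
    """Return the raw 'msg' query parameter (hypothetical name), or '' if absent."""
    return parse_qs(urlsplit(url).query).get("msg", [""])[0]


def vulnerable_login_message(url: str) -> str:
    """Vulnerable pattern: whatever text the link carries is shown verbatim,
    so whoever crafts the link decides what the login page says."""
    return _msg_param(url)


def hardened_login_message(url: str) -> str:
    """Hardened pattern: the request may only pick a known message code.
    Unknown codes fall back to the default, and the text is HTML-escaped."""
    return html.escape(MESSAGES.get(_msg_param(url), DEFAULT_MESSAGE))


def is_suspicious_link(url: str) -> bool:
    """Defender-side check for web-server or proxy logs: flag login requests
    whose 'msg' value is free text rather than one of the allowed codes."""
    code = _msg_param(url)
    return bool(code) and code not in MESSAGES


if __name__ == "__main__":
    # Constructed sample links (hostname and parameter are assumptions).
    legit = "https://reports.example.invalid/login?msg=session_expired"
    crafted = "https://reports.example.invalid/login?msg=Attacker-chosen+text"
    print("vulnerable:", vulnerable_login_message(crafted))
    print("hardened:  ", repr(hardened_login_message(crafted)))
    print("flagged:   ", is_suspicious_link(crafted), is_suspicious_link(legit))
```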
CHARACTERISTICS
– Identifiers: BID-34668, CVE-2009-1432, SYM09-008,
VIGILANCE-VUL-8681
– Url: http://vigilance.fr/vulnerability/Symantec-Reporting-Server-message-injection-8681