National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-4493 Detail

Description

Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

Source:  MITRE      Last Modified:  12/22/2005

Quick Info

CVE Dictionary Entry:
CVE-2005-4493
Original release date:
12/22/2005
Last revised:
07/17/2013
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.8 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Speartek (11/07/2006)

We are aware of numerous existing script vulnerabilities and exploits and stand by the security of our system and our ability to address these. This particular exploit is not particularly serious as no sensitive or private user information is ever held within cookies during our checkout process. All user information and client information is secure in our platform. We take all security threats quite seriously and view the efforts of the author of this particular exploit as harmful to our professional image. This is especially important to note because the particular script vulnerability that has been raised poses no real threat to the stability or security of our systems. Again, we are formally responding to this posted cross-site script vulnerability to communicate that we take all such potential security issues very seriously and this particular issue has been addressed. In version 7.0.0 of our software, we have addressed the mentioned cross site scripting vulnerabilities. On any page that a form is on, the query string is sanitized to eliminate the vectors outlined in the XSS vulnerability. Form data is handled to protect against a form post from a different site to try and initialize a cross site scripting attacking via a form post. Sensitive data is not stored in session cookies and in the event that a cookie was stolen, it would contain nothing useful for the attacker. Our software is a hosted application, which allows us to make quick remedies as new exploits are found. Also, our system is monitored consistently and alerts are sent to our administrators when any malicious attempt is seen. The details of this alert include the data sent, from what referral and if there is a specific user that is being targeted on our system.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://pridels0.blogspot.com/2005/12/speartek-xss-vuln.html External Source MISC http://pridels0.blogspot.com/2005/12/speartek-xss-vuln.html
http://www.attrition.org/pipermail/vim/2006-August/001008.html External Source VIM 20060830 22068: Speartek Search Module XSS (fwd)
http://www.securityfocus.com/bid/16018 External Source BID 16018
http://www.vupen.com/english/advisories/2005/3052 External Source VUPEN ADV-2005-3052

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:speartek:speartek:6.0:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 1 change record found - show changes