Summary
The host is running Tembria Server Monitor and is prone to cross-site scripting and information disclosure vulnerabilities.
Impact
Successful exploitation will allow attacker to gain the sensitive information about the user, session, and application and using XSS, an attacker could insert malicious code into a web page and entice users to execute the malicious code.
Impact Level: Application
Solution
Upgrade Tembria Server Monitor version 6.0.5 Build 2252 or later, For updates refer tohttp://www.tembria.com/download
Insight
Multiple flaws are due to,
- An error in the Web application management interface, which allows for execution of Cross-site Scripting (XSS) attacks.
- An error in Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application.
Affected
Tembria Server Monitor Version 6.0.4 Build 2229 and prior.
References
Severity
Classification
-
CVE CVE-2011-3684, CVE-2011-3685 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Apple Safari 'SRC' Remote Denial Of Service Vulnerability
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)