[Full-Disclosure] Fw: Re: Centrinity FirstClass HTTP Server Cross Site Scripting
r.i.c.h at btopenworld.com
Wed Mar 24 01:38:38 GMT 2004
-- Original message --
From: "FirstClass Mail Tech" <mailtech at firstclass.com>
To: "Richard Maudsley" <r.i.c.h at btopenworld.com>
Subject: Re: Centrinity FirstClass HTTP Server Cross Site Scripting
Sorry if you get this twice. This is a response directly from our
>Description: Injected code is rendered in the context of the vulnerable
>It may be possible to steal cookies from users who are logged into the
"This is a bug, although not quite as serious as the author might think.
Basically the cookie contains no actual decodable data (like password,
userID, etc.), it is short lived (duration of session), and it is usually IP
address sensitive (config dependant). To quote my expert:
It does, though (like most such vulnerabilities) it would require a fair
amount of human engineering to exploit. What this would allow is for
to acquire a user's login cookie. The user would have to be logged in on
web and click on a malicious URL (possibly in a message), which would allow
user to harvest their current login cookie. It won't be useful if the
allow sessions to switch IP address" checkbox is on in the advanced web &
form, or if the user logs out (or times out) before the harvester can use
cookie (typically, a matter of minutes). Overall I would rate this as a
If a given customer needs immediate relief, have them edit their
file and find and remove the following bit of code (its a small file, so it
isn't hard to find):
<!--#if expr="<X-FC-URL-PARAMETER TargetName EXISTS>"--><X-FC-URL-PARAMETER
>It is likely that other pages are also vulnerable.
The only other pages are some error pages which can be similarly modified."
FirstClass Mail Tech
Open Text, FirstClass Messaging Division
"Email, fax, voice-mail, calendaring, conferencing....get to your
from any device, anywhere, anytime."
Come and see our new FirstClass Support website:
-- End of message --
Full-Disclosure is hosted and sponsored by Secunia.