Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Google Search Appliance proxystylesheet Parameter Multiple Vulnerabilities

Vulnerability Assessment Details

Google Search Appliance proxystylesheet Parameter Multiple Vulnerabilities
Vulnerability Assessment Summary
Checks for proxystylesheet parameter multiple vulnerabilities in Google Search Appliance

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server is affected by multiple flaws.

Description :

The remote Google Search Appliance / Mini Search Appliance fails to
sanitize user-supplied input to the 'proxystylesheet' parameter, which
is used for customization of the search interface. Exploitation of
this issue may lead to arbitrary code execution (as an unprivileged
user), port scanning, file discovery, and cross-site scripting.

See also :

http://metasploit.com/research/vulns/google_proxystylesheet/
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038940.html

Solution :

Contact Google for a fix.

Network Security Threat Level:

Medium / CVSS Base Score : 4.9
(AV:L/AC:L/Au:NR/C:P/I:P/A:P/B:I)

Networks Security ID: 15509

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security
Cables, Connectors


Dell PowerEdge R730xd Server 2.60Ghz 32-Core 64GB 800GB SSD Debian Linux picture

Dell PowerEdge R730xd Server 2.60Ghz 32-Core 64GB 800GB SSD Debian Linux

$836.80


2 x HP ProLiant BL460c (447707-B21) Blade Servers No RAM No HDD picture

2 x HP ProLiant BL460c (447707-B21) Blade Servers No RAM No HDD

$30.00


HP ProLiant DL370 G6 4U Rack Server | 16 x 500GB SAS Drives | 72GB RAM | +extras picture

HP ProLiant DL370 G6 4U Rack Server | 16 x 500GB SAS Drives | 72GB RAM | +extras

$160.00


1U BareMetal pfsense opnsense Router Firewall DNS Server 6x 10GB Ethernet Ports picture

1U BareMetal pfsense opnsense Router Firewall DNS Server 6x 10GB Ethernet Ports

$149.00


IBM CS821 20-Core 2.827GHz 128Gb 1.92Tb SSD 1U Linux Server - 8005-12N Power 8 picture

IBM CS821 20-Core 2.827GHz 128Gb 1.92Tb SSD 1U Linux Server - 8005-12N Power 8

$449.96


PFSENSE 15

PFSENSE 15" Depth Server Router Firewall Supermicro X11SSH-F E3-1240 V5 32GB RAM

$382.00


IBM E850 Power8 2x 12C 3.02GHz 512Gb 1.8Tb SAS 10GbE 16Gb Linux Server 8408-E8E picture

IBM E850 Power8 2x 12C 3.02GHz 512Gb 1.8Tb SAS 10GbE 16Gb Linux Server 8408-E8E

$674.96


IBM Power8 S822L 20-Core 3.42GHz 256Gb 1.2Tb 40G Elastic Storage Server 5148-22L picture

IBM Power8 S822L 20-Core 3.42GHz 256Gb 1.2Tb 40G Elastic Storage Server 5148-22L

$599.95


IBM System X 3250 M5 Single Xeon Quad Core E3-1220 v3 @3.1GHz,8GB RAM,Linux SUSE picture

IBM System X 3250 M5 Single Xeon Quad Core E3-1220 v3 @3.1GHz,8GB RAM,Linux SUSE

$199.87


1U Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3 6x 10GB Ethernet 16GB picture

1U Open Source Router Firewall X10SLH-N6-ST031 E3-1270 V3 6x 10GB Ethernet 16GB

$419.00


Discussions

No Discussions have been posted on this vulnerability.