SNS Vulnerability

ToutVirtual VirtualIQ Code Execution and Information Disclosure Issues

Description

Multiple vulnerabilities have been identified in ToutVirtual VirtualIQ Pro, which could be exploited by remote attackers to bypass security restrictions, gain knowledge of sensitive information, manipulate data, or compromise a vulnerable system. These issues are caused by input and access validation errors in the "setPermissions.jsp", "addDepartment.jsp", "inventoryTabs.jsp", "virtualIQAdminReports.do", "user.do" and "status" files, and within the JBoss JMX Management Console, which could be exploited to conduct cross site scripting and request forgery attacks, list files within directories, or execute arbitrary code.

Vulnerable Products

Vulnerable Software:
ToutVirtual VirtualIQ Pro versions 3.x

Solution

Upgrade to the latest version : http://www.toutvirtual.com/downloads/downloads.php

CVE

CVE-2009-4849
CVE-2009-4848
CVE-2009-4845
CVE-2009-4844
CVE-2009-4843

References

http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0
Java : Suspicious access to META-INF and WEB-INF folders	3.5.0

Risk level

High

Vulnerability First Public Report Date

2009-11-16

Target Type

Client + Server

Possible exploit

Local & Remote