Claroline Multiple Cross Site Scripting and Local File Inclusion Vulnerabilities


Description   Multiple vulnerabilities have been identified in Claroline, which could be exploited by remote attackers to execute malicious scripting code or disclose the contents of arbitrary files.
The first issue is caused by an input validation error in the "inc/lib/language.lib.php" script when processing the "language" parameter, which could be exploited by malicious users to include local files with the privileges of the web server.
The second vulnerability is caused by input validation errors in the "admin/adminusers.php", "admin/advancedUserSearch.php" and "admin/campusProblem.php" scripts when processing the "dir", "action" and "view" parameters, which could be exploited by malicious people to conduct cross site scripting attacks.
     
Vulnerable Products   Vulnerable Software:
Claroline version 1.8.5 and prior
     
Solution   Upgrade to Claroline version 1.8.6 : http://www.claroline.net/download/stable.html
     
CVE   CVE-2007-4742
CVE-2007-4741
CVE-2007-4718
CVE-2007-4717
     
References   http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security
http://www.claroline.net/forum/viewtopic.php?t=13448
http://www.claroline.net/forum/viewtopic.php?t=13533
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2007-09-04 

 Target Type 
Client 

 Possible exploit 
Local & Remote