Novell Identity Manager Cross-Site Scripting Vulnerabilities


Description   Some vulnerabilities have been reported in Novell Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "apwaDetailId" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in the following versions:
* Identity Manager User Application 3.5.0 prior to Field Patch 350AH.
* Identity Manager User Application 3.5.1 prior to Field Patch 351AA.
* Identity Manager Roles Based Provisioning Module 3.6.0 (User Application 3.6.0) prior to Field Patch 360H.
* Identity Manager Roles Based Provisioning Module 3.6.1 (User Application 3.6.1) prior to Field Patch 361F.
* Identity Manager Roles Based Provisioning Module 3.7.0 (User Application 3.7.0) prior to Field Patch 370E.
* Identity Manager Roles Based Provisioning Module 4.0.0 (User Application 4.0.0) prior to Field Patch 400B.
     
Vulnerable Products   Vulnerable Software:
Novell Identity Manager 3.xNovell Identity Manager 4.x
     
Solution   Apply Field Patch.Field Patch 350AH: http://download.novell.com/Download?buildid=f7zgO8H7mV0~Field Patch 351AA: http://download.novell.com/Download?buildid=ZKBfYj6xegY~Field Patch 360H: http://download.novell.com/Download?buildid=UhQCJKaeS8Q~Field Patch 361F: http://download.novell.com/Download?buildid=KS4d8mkkC8I~Field patch 370E: http://download.novell.com/Download?buildid=ZGIeEeSkSbw~Field Patch 400B: http://download.novell.com/Download?buildid=__wYYHWW8No~
     
CVE   CVE-2011-2227
CVE-2011-1696
     
References   http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious SQL statement in header
4.0.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2011-10-04 

 Target Type 
Server 

 Possible exploit 
Remote