Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
Date: Thu, 24 Jan 2002 09:20:56 -0500
From: Ed Moyle <emoyle@scsnet.csc.com>
To: bugtraq@securityfocus.com
Subject: Plumtree Corporate Portal Cross-Site Scripting (Patch Available)

Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
----------------------------------------------------------------

SYNOPSIS

Plumtree (www.plumtree.com) Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5 should be modified to remediate potential cross-site scripting attacks directed against existing Corporate Portal installations.

IMPACT

If the appropriate patch/remediation from Plumtree is not applied, a malicious user may craft a link containing rogue JavaScript, which could potentially lead to disclosure of state-maintenance or other critical data. Further information on cross-site scripting may be found in CERT advisory CA-2000-02 (http://www.cert.org/advisories/CA-2000-02.html).

CAUSE

Plumtree Corporate Portal supplies an error information page named error.asp, which by default is accessed through URI=http://<PORTALSITE>/<PORTALNAME>/common/error.asp. The second parameter supplied to error.asp is a textual description of the error message that will be shown in the resulting error web page. This textual parameter may be modified to include rogue script on affected installations.
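The flaw described above is a reflected cross-site scripting pattern: a caller-supplied message is written into the error page without output encoding. The following is an added example, not Plumtree's code and not part of the original advisory. It shows the weak rendering pattern beside the hardened one, and a small check that runs over constructed web-server log lines to flag requests for error.asp whose parameters carry HTML markup. The parameter names Code and Message, the /portal path and the log line format are assumptions made for the example; the advisory does not name the parameters.

```javascript
// Added example (not Plumtree's code): reflected-XSS handling for an
// error page that echoes a caller-supplied message, plus a log check.

// Minimal HTML entity encoding for text placed inside an element body.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Weak pattern: the message is pasted into the page verbatim, so any
// markup the caller put in the URL becomes part of the document.
function renderErrorPageUnsafe(message) {
  return `<html><body><h1>Error</h1><p>${message}</p></body></html>`;
}

// Hardened pattern: encode before reflecting, so markup is shown as text.
function renderErrorPageSafe(message) {
  return `<html><body><h1>Error</h1><p>${escapeHtml(message)}</p></body></html>`;
}

// URL-decode one query component; malformed escapes are left as-is.
function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, " ")); }
  catch (e) { return s; }
}

// Parse a URL's query string into an ordered list of [name, value] pairs,
// so parameters can be inspected positionally ("the second parameter").
function queryParams(url) {
  const qs = url.split("?")[1] || "";
  if (qs === "") return [];
  return qs.split("&").map((pair) => {
    const i = pair.indexOf("=");
    const name = i < 0 ? pair : pair.slice(0, i);
    const value = i < 0 ? "" : pair.slice(i + 1);
    return [safeDecode(name), safeDecode(value)];
  });
}

// Markup indicators after decoding: a tag start, an inline event handler
// attribute, or a javascript: URL.
const MARKUP = /<\/?[a-z!]|\bon[a-z]+\s*=|javascript:/i;

// Constructed W3C-style log lines (assumed format):
// date time method uri-stem uri-query status
const SAMPLE_LOG = [
  "2002-01-24 09:20:56 GET /portal/common/error.asp Code=404&Message=Page+not+found 200",
  "2002-01-24 09:21:02 GET /portal/common/error.asp Code=500&Message=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200",
  "2002-01-24 09:21:10 GET /portal/home.asp - 200",
];

// Flag requests for error.asp whose parameters carry HTML markup.
// Returns an array of {line, param, position, value} findings.
function findReflectedMarkup(logLines) {
  const findings = [];
  for (const line of logLines) {
    const fields = line.trim().split(/\s+/);
    if (fields.length < 5) continue;
    const stem = fields[3];
    const query = fields[4];
    if (!/\/common\/error\.asp$/i.test(stem)) continue;
    const url = query === "-" ? stem : `${stem}?${query}`;
    queryParams(url).forEach(([name, value], idx) => {
      if (MARKUP.test(value)) {
        findings.push({ line, param: name, position: idx + 1, value });
      }
    });
  }
  return findings;
}

// Usage: run the check over the constructed sample log.
findReflectedMarkup(SAMPLE_LOG).forEach((f) =>
  console.log(`parameter ${f.position} (${f.param}) carries markup: ${f.value}`)
);
```

The encoding in escapeHtml is the right choice only for text placed in an element body; a message reflected inside an attribute value or a script block needs the encoding appropriate to that context. The log check is a triage aid rather than a complete detector: URL-decoding once and matching a few markup indicators catches the plain form of the request described above, but not double-encoded or otherwise obfuscated variants.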

STATUS

Plumtree has been notified and has issued a knowledge base article with information and a fix. Plumtree will incorporate the fix into Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6. The Plumtree supportnet article number is #11012, and it may be accessed from the supportnet community on the Plumtree website. The Plumtree supportnet community is available via: http://www.plumtree.com/company/technical_support.htm

ACKNOWLEDGEMENTS

Affected Plumtree Corporate Portal version numbers are reproduced here from the Plumtree knowledge base article.  Thanks specifically to Andrew Morris and Philip Soffer (both Plumtree representatives) for their consistently prompt responses and thorough attention to this matter.
