Security Vulnerability - XSS Cross Site Scripting in iMonitor error messages

  • 3460217
  • 24-Mar-2008
  • 26-Apr-2012

Environment


Novell eDirectory 8.8.2 and prior for Solaris
Novell eDirectory 8.8.2 and prior for Linux
Novell eDirectory 8.8.2 and prior for Windows 2003
Novell eDirectory 8.8.2 and prior for Windows 2000
Novell eDirectory 8.7.3.9 and prior for Solaris
Novell eDirectory 8.7.3.9 and prior for Linux
Novell eDirectory 8.7.3.9 and prior for Windows 2000
Novell eDirectory 8.7.3.9 and prior for Windows 2003

Situation

Error messages of the HTTP stack for iMonitor can be used to launch XSS attacks on the users of the iMonitor interface.
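The class of bug described above, shown as an added example that is not Novell's code and not taken from the advisory: an HTTP error page that pastes request-derived text into HTML, next to a hardened version. The advisory does not state which value iMonitor echoed, so the reflected request path, the function names and the sample input are assumptions made for illustration.

```python
import html

# Constructed sample input: a request path that contains markup.
SAMPLE_PATH = "/no-such-page/<script>alert(1)</script>"

# Headers a hardened error response should carry (defence in depth:
# fixed charset, no MIME sniffing, no script execution on the error page).
ERROR_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'",
}

TEMPLATE = (
    "<html><body><h1>{status} {reason}</h1>"
    "<p>The requested URL {path} could not be served.</p></body></html>"
)


def error_page_unsafe(status, reason, path):
    """The 'before': request-derived text goes into the HTML as-is."""
    return TEMPLATE.format(status=status, reason=reason, path=path)


def error_page_safe(status, reason, path):
    """The 'after': every dynamic value is HTML-escaped before insertion."""
    def esc(value):
        return html.escape(str(value), quote=True)
    return TEMPLATE.format(status=esc(status), reason=esc(reason), path=esc(path))


def reflects_markup(body, probe="<script>"):
    """Regression check: True if the probe reaches the page unescaped."""
    return probe in body


if __name__ == "__main__":
    for render in (error_page_unsafe, error_page_safe):
        body = render(404, "Not Found", SAMPLE_PATH)
        print(render.__name__, "reflects markup:", reflects_markup(body))
```
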

Resolution

For eDirectory 8.8.X:
Upgrade eDir 8.8 to eDir 8.8.2 and apply eDir 8.8.2 ftf2

For eDirectory 8.7.3.X:
Upgrade eDir 8.7.3 to eDir 8.7.3 sp10

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by Nicholas Gregorie.

CVE-2008-0925