Juniper Networks

Signature Detail


  • Short Name: HTTP:XSS:HP-SEARCH-XSS
  • Severity: Medium
  • Recommended: No
  • Recommended Action: Drop
  • Category: HTTP
  • Keywords: HP Insight Diagnostics Online Edition 'search.php' Cross Site Scripting Vulnerability
  • Release Date: 2011/06/01
  • Update Number: 1930
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: HP Insight Diagnostics Online Edition 'search.php' Cross Site Scripting Vulnerability


This signature detects attempts to exploit a cross-site scripting vulnerability in HP Insight Diagnostics Online Edition. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Extended Description

HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to HP Insight Diagnostics Online Edition 8.5.1.3712

Affected Products

  • HP Insight Diagnostics Online Edition 8.4
  • HP Insight Diagnostics Online Edition for Windows 6.0.0 A Offline
  • HP Insight Diagnostics Online Edition for Windows 6.2.1 A Offline
  • HP Insight Diagnostics Online Edition for Windows 6.3.0-15 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 6.3.0.878 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 6.3.0.878 Online Windows 2003
  • HP Insight Diagnostics Online Edition for Windows 6.3.1-1 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 6.3.1.887 Offline
  • HP Insight Diagnostics Online Edition for Windows 6.4.1 A Offline
  • HP Insight Diagnostics Online Edition for Windows 6.5.0 A Offline
  • HP Insight Diagnostics Online Edition for Windows 7.0.0.1198 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.0.0.1198 Online Windows 2003
  • HP Insight Diagnostics Online Edition for Windows 7.0.0-30 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.0.1.1219 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.0.1.1219 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.0.1-8 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.0.2 A Offline
  • HP Insight Diagnostics Online Edition for Windows 7.3.0 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.4.0-11 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.4.0.1570 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.4.0.1570 Online Windows 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.4.0.1570 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.4.1 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.5.0
  • HP Insight Diagnostics Online Edition for Windows 7.5.0-14 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.5.0.1679 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.5.0.1679 Online Windows 2003
  • HP Insight Diagnostics Online Edition for Windows 7.5.0.1679 Online Windows 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.5.2 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.5.4 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.5.5.1681 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.5.5.1681 Online Windows 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.5.5.1681 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.5.5-1 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.6.0.1984 Online Windows 2000
  • HP Insight Diagnostics Online Edition for Windows 7.6.0.1984 Online Windows 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.6.0.1984 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.6.0-23 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.6.0 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.6.1 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.6.2 Rev A Offline
  • HP Insight Diagnostics Online Edition for Windows 7.7.0-142 Online Linux
  • HP Insight Diagnostics Online Edition for Windows 7.7.0.2112 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.7.0.2112 Online Windows Server 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.7.0 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.7.0 Rev B Offline
  • HP Insight Diagnostics Online Edition for Windows 7.7.101 2097 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.8.0.2257 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.8.0.2257 Online Windows Server 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.9.0.2359 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.9.0.2359 Online Windows Server 2003 X64
  • HP Insight Diagnostics Online Edition for Windows 7.9.0 Offline
  • HP Insight Diagnostics Online Edition for Windows 7.9.0 Rev A Offline
  • HP Insight Diagnostics Online Edition for Windows 7.9.1.2401 Online Windows Server 2003
  • HP Insight Diagnostics Online Edition for Windows 7.9.1.2401 Online Windows Server 2003 X64

References

  • BugTraq: 45420
  • CVE: CVE-2010-4111
  • URL: http://www.hp.com/
  • URL: http://seclists.org/fulldisclosure/2011/May/453

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.