JVNDB-2008-000043

K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting

Overview

analysis.cgi included in K's CGI Access Log Kaiseki (jcode.pl) contains a cross-site scripting vulnerability.

K's CGI Access Log Kaiseki is a program that analyzes access to a web page.

The developer has published a notice titled "Important Note as of 2008 July 18" on the developer's homepage regarding this issue.

AzureStone of securecoding.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

K's CGI
  • Access Log Kaiseki (jcode.pl) analysis.cgi Ver.1.44 and earlier

Impact

An arbitrary script could be executed on the user's web browser.

Solution

[Update the Software]
Apply the latest update provided by the developer.

Vendor Information

K's CGI

CWE

  1. Cross-site Scripting (CWE-79) [NVD Evaluation]

CVE

  1. CVE-2008-4663

References

  1. JVN : JVN#46869708
  2. National Vulnerability Database (NVD) : CVE-2008-4663

Revision History

  • [2008/07/29]
      Web page published