[Japanese]

JVNDB-2014-000133

iLogScanner vulnerable to cross-site scripting

Overview

iLogScanner contains a cross-site scripting vulnerability.

iLogScanner provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a software that checks access logs to detect suspected attacks against a web server. iLogScanner contains a cross-site scripting vulnerability (CWE-79) due to a flaw when processing analysis results and outputting the results into a HTML page.

Shinya Mizutani of NTT NEOMEIT CORPORATION and Kazuhiko Kusano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
  • iLogScanner V4.0

Impact

An arbitrary script may be executed on the outputted HTML page when analyzing a specially crafted access log file.
Solution

[Update the software]
Users of the offline version of iLogScanner should update to the latest version according to the information provided by the developer.

According to the developer, the online version of iLogScanner has already been updated to address this vulnerability.
Vendor Information

INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-7248
References

  1. JVN : JVN#89852154
  2. National Vulnerability Database (NVD) : CVE-2014-7248
Revision History

  • [2014/11/14]
      Web page was published
    [2014/11/18]
      References : Content was added