CGI scripting vulnerabilities in ZCM11 SP2

  • 7013022
  • 08-Aug-2013
  • 08-Aug-2013

Environment

Novell ZENworks Configuration Management 11.2

Situation

The remote web server hosts CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript.

Resolution

This is fixed in version 11.2.1. See KB 7010042, "ZENworks Configuration Management 11.2.1 - update information and list of fixes", at https://support.microfocus.com/kb/doc.php?id=7010042

Cause

ZCC already implements XSS filters. Because of the particular implementation of ZCC, ZCM cannot filter out scripts or other XSS-causing tags from the request or response. Instead, ZCM escapes these characters using their corresponding ASCII values. The strings are therefore shown back in the response (as shown by the Nessus scan), but they are never executed as part of the request or response. It was observed that ZCM utility servlets such as HelpServlet and FileUploadServlet might not have full filtering implemented (not given in the Nessus scan).
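The difference between an escaped reflection and a raw one can be checked when triaging a scanner finding like this. The following is an added example, not ZCM code: the function names, the probe string and both sample responses are constructed, and the decimal `&#NN;` form is an assumption about what "escaping with ASCII values" looks like in the response.

```python
import html

# Characters that can start markup, an attribute value or an entity in HTML.
HTML_SIGNIFICANT = "<>&\"'"


def escape_with_char_codes(value: str) -> str:
    """Replace HTML-significant characters with decimal character references.

    Assumption: '&#NN;' is the escaped form; the article does not show
    ZCM's actual output.
    """
    return "".join(
        f"&#{ord(ch)};" if ch in HTML_SIGNIFICANT else ch for ch in value
    )


def classify_reflection(probe: str, body: str) -> str:
    """Triage a scanner hit: is the probe reflected raw, escaped, or not at all?"""
    if probe in body:
        return "raw"      # markup reaches the browser intact and would execute
    if probe in html.unescape(body):
        return "escaped"  # reflected only as inert text; the browser renders it
    return "absent"


# Constructed probe and responses (not captured from a ZCM server).
PROBE = "<script>zcm_probe()</script>"
ESCAPED_PAGE = f"<p>No results for {escape_with_char_codes(PROBE)}</p>"
RAW_PAGE = f"<p>No results for {PROBE}</p>"

if __name__ == "__main__":
    for name, page in (("escaped response", ESCAPED_PAGE), ("raw response", RAW_PAGE)):
        print(f"{name}: {classify_reflection(PROBE, page)}")
```

An "escaped" result is only reassuring when the value lands in HTML text or a quoted attribute; a value reflected inside a script block needs context-specific encoding instead.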