INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution
This event is generated when javascript code is detected within an iframe on any HTTP ports
Attempted User Privilege Gain
CVE-2005-1476:
CVSS base score 5.1
CVSS impact score 6.4
CVSS exploitability score 4.9
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
CVE-2008-2939:
CVSS base score 4.3
CVSS impact score 2.9
CVSS exploitability score 8.6
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
This is solely looking for javascript embedded within an iframe. CVE-2005-1476: Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
CVE-2008-2939: Cross-site scripting (XSS) vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
simple
None Known
None Known
none
©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
