The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Tripwire Enterprise

computer vulnerability 7535

Tripwire Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting on the authentication page of Tripwire Enterprise/Server.
Impacted products: Tripwire Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 29/01/2008.
Identifiers: BID-27486, VIGILANCE-VUL-7535.

Description of the vulnerability

To access to the management interface of Tripwire Enterprise/Server, a login and a password are required.

Parameters of the url of this authentication page are not filtered. An attacker can therefore inject HTML data.

An attacker can thus create a Cross Site Scripting attack in order to execute Javascript code in the context of the web browser of victim using the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Tripwire Enterprise: