JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks

Overview

Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.

In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.

Products Affected

For more information, refer to the vendors' websites.

Description

Impact

Authentication information or cookie information could be leaked.

Solution

Vendor Status

Vendor	Status	Last Update
JustSystems Corporation	Not Vulnerable	2005/09/29
Allied Telesis K.K.	Not Vulnerable	2005/09/29
B.U.G., Inc.	Not Vulnerable	2005/10/05
Century Systems Co., Ltd.	Not Vulnerable	2005/09/29
Cybozu, Inc.	Not Vulnerable	2005/09/29
FUJITSU LIMITED	Not Vulnerable	2005/11/10
Hitachi	Not Vulnerable	2005/09/29
Lunascape Co.,Ltd.	Vulnerable	2005/09/29
Microsoft Co.,Ltd.	Not Vulnerable	2005/09/29
NEC Corporation	Not Vulnerable	2005/09/29
Orangesoft Inc.	Not Vulnerable	2005/09/29
Turbolinux, Inc.	Unknown	2005/09/29
SOURCENEXT CORPORATION	Not Vulnerable	2005/09/29
RICOH COMPANY, LTD.	Not Vulnerable	2005/10/06

Vendor	Link
Mozilla Japan	http://www.mozilla-japan.org/security/announce/mfsa2005-58.html#xmlhttp
Opera Software	Advisory: Malicious setRequestHeader cross-site vulnerability

References

JPCERT/CC Addendum

Credit

Yutaka Oiwa of Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia	JVNDB-2005-000530