Cisco Bug: CSCvi91309 - sort_report.pl redirects to link with injected data into a request URL parameter

Last Modified

May 15, 2018

Products (1)

  • Headend System Releases

Known Affected Releases

ec-9.0.4-1

Description (partial)

Symptom:
EC returns a redirect (302 with the Location header set to "/sareports/reports/DhctPkg.2<malicious_data>.html") for a GET to /sareports/cgi-bin/sort_report.pl with the URL parameter sortcol=<malicious_data>. The data returned by a GET to the URL provided in the Location header includes "This page is currently being generated." and part of the injected data. The response to that GET is a 200 OK.

Conditions:
Default state.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
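
A log check for the request pattern described in the Symptom, added here as an example and not Cisco's code: it flags GETs to sort_report.pl whose sortcol is not a short number and records whether the same client then fetched a report URL carrying that value with a 200. The combined-log layout, the numeric-only rule for sortcol, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines; the combined-log layout is an assumption.
SAMPLE_LOG = '''\
10.0.0.5 - - [15/May/2018:10:00:01 +0000] "GET /sareports/cgi-bin/sort_report.pl?sortcol=2 HTTP/1.1" 302 0
10.0.0.5 - - [15/May/2018:10:00:02 +0000] "GET /sareports/reports/DhctPkg.2.html HTTP/1.1" 200 5120
10.0.0.9 - - [15/May/2018:10:05:10 +0000] "GET /sareports/cgi-bin/sort_report.pl?sortcol=2%22%3EMARKER HTTP/1.1" 302 0
10.0.0.9 - - [15/May/2018:10:05:11 +0000] "GET /sareports/reports/DhctPkg.2%22%3EMARKER.html HTTP/1.1" 200 310
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SORT_PATH = "/sareports/cgi-bin/sort_report.pl"
REPORT_PREFIX = "/sareports/reports/"
EXPECTED_SORTCOL = re.compile(r"\d{1,3}")  # assumption: a column number


def find_injected_sortcol(log_text):
    """Return one finding per sort_report.pl GET with an unexpected sortcol."""
    findings, pending = [], {}  # pending: client -> finding awaiting follow-up
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "GET":
            continue
        client, _, target, status = m.groups()
        url = urlsplit(target)
        if url.path == SORT_PATH:
            values = parse_qs(url.query, keep_blank_values=True).get("sortcol", [])
            for value in values:  # parse_qs has already percent-decoded these
                if EXPECTED_SORTCOL.fullmatch(value):
                    continue
                finding = {"client": client, "sortcol": value,
                           "redirected": status == "302", "reflected_fetch": False}
                findings.append(finding)
                pending[client] = finding
        elif client in pending and url.path.startswith(REPORT_PREFIX):
            # Second half of the symptom: 200 OK on a report URL carrying the value.
            finding = pending.pop(client)
            finding["reflected_fetch"] = (
                status == "200" and finding["sortcol"] in unquote(url.path))
    return findings


if __name__ == "__main__":
    for f in find_injected_sortcol(SAMPLE_LOG):
        print(f)
```
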
