Vulnerability Note VU#745607
Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Original Release date: 08 Feb 2017 | Last revised: 08 Feb 2017

Overview
The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting and information exposure.

Description
CWE-204: Response Discrepancy Information Exposure - CVE-2016-9499
The Accellion FTP server echoes the submitted username in the server response only if the username is invalid; a response for a valid username does not contain it.

An attacker may use this information to determine valid user accounts and enumerate them.
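The oracle described above, as an added Python illustration that is not part of the vulnerability note and not Accellion's code: a login routine that follows the CWE-204 pattern (username reflected only when unknown) next to a hardened one that returns one failure message and performs the same comparison on both paths, plus a probe that groups failure responses by template so the discrepancy can be checked for any login function. The user store, passwords and message wording are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed user store for the illustration (not real Accellion FTA data):
# username -> SHA-256 hex digest of the password. A real deployment would use
# a slow password hash (bcrypt, scrypt, Argon2); SHA-256 keeps this self-contained.
USERS = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}

# Digest compared against when the username is unknown, so the unknown-user
# path does the same work as the known-user path (no timing discrepancy either).
_DUMMY_DIGEST = hashlib.sha256(b"\x00").hexdigest()


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def vulnerable_login(username: str, password: str) -> str:
    """The CWE-204 pattern from the advisory: the username is echoed back only
    when it does not exist, so the wording of the failure message doubles as
    a validity oracle."""
    stored = USERS.get(username)
    if stored is None:
        return f"Login failed: user {username} not found."
    if hmac.compare_digest(stored, _digest(password)):
        return "Login OK."
    return "Login failed: wrong password."


def hardened_login(username: str, password: str) -> str:
    """Same comparison and same failure message whether or not the username exists."""
    known = username in USERS
    stored = USERS[username] if known else _DUMMY_DIGEST
    matches = hmac.compare_digest(stored, _digest(password))  # always executed
    if known and matches:
        return "Login OK."
    return "Login failed: invalid username or password."


def probe(login, usernames, password: str = "definitely-not-the-password") -> dict:
    """Submit one wrong password per candidate username and group the responses
    by template (the response with the submitted username replaced by a
    placeholder). More than one template means the server discriminates
    between usernames, i.e. a CWE-204 response discrepancy.
    Returns {template: [usernames that produced it]}."""
    templates: dict[str, list[str]] = {}
    for user in usernames:
        body = login(user, password)
        template = re.sub(re.escape(user), "<user>", body, flags=re.IGNORECASE)
        templates.setdefault(template, []).append(user)
    return templates


def has_discrepancy(login, usernames) -> bool:
    """True when the failure responses split into more than one template."""
    return len(probe(login, usernames)) > 1


if __name__ == "__main__":
    candidates = ["alice", "bob", "mallory"]
    for name, fn in (("vulnerable", vulnerable_login), ("hardened", hardened_login)):
        print(name, has_discrepancy(fn, candidates), probe(fn, candidates))
```

Against a live target the probe would submit the same wrong password for each candidate username and compare the normalized bodies (and, ideally, status codes and response lengths); any split into two or more templates is the enumeration condition the note describes.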

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2016-9500

Accellion FTP server uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.
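An added Python illustration of the reflected-XSS class and its fix, not part of the vulnerability note and not Accellion's or Accusoft's code: the two parameter names are the ones the note lists, but the embedding mechanism (request parameters copied into the flashvars attribute of the viewer's embed tag) is an assumption made for the example, as are the file name viewer.swf and the sample payload. The hardened renderer allow-lists parameter names, percent-encodes each value and HTML-escapes the attribute, and a small decoder shows that the legitimate value still reaches the component intact.

```python
import html
from urllib.parse import parse_qs, quote, urlencode

# Parameter names are the two the advisory lists; the embedding below (query
# parameters copied into the flashvars attribute of the viewer's <embed> tag)
# is an assumed mechanism used for illustration, not Accellion's or Accusoft's code.
ALLOWED_FLASHVARS = {"customTabCategoryName", "customButton1Image"}


def render_vulnerable(params: dict) -> str:
    """Reflects request parameters into the page with no neutralization (CWE-80):
    a value containing a double quote closes the attribute and a <script> tag
    is then interpreted as markup."""
    flashvars = "&".join(f"{k}={v}" for k, v in params.items())
    return f'<embed src="viewer.swf" flashvars="{flashvars}">'


def render_hardened(params: dict) -> str:
    """Allow-list the parameter names, percent-encode each value so that
    & = " < > and ' cannot survive into the flashvars string, then HTML-escape
    the whole attribute value as a second layer."""
    safe = {k: v for k, v in params.items() if k in ALLOWED_FLASHVARS}
    flashvars = urlencode(safe, quote_via=quote, safe="")
    return f'<embed src="viewer.swf" flashvars="{html.escape(flashvars, quote=True)}">'


def flashvars_from(markup: str) -> dict:
    """Recover the flashvars the viewer would see (the inverse of render_hardened),
    to show that encoding preserves the legitimate value while removing markup."""
    start = markup.index('flashvars="') + len('flashvars="')
    end = markup.index('"', start)
    return {k: v[0] for k, v in parse_qs(html.unescape(markup[start:end])).items()}


if __name__ == "__main__":
    payload = '"><script>alert(1)</script><x y="'
    print(render_vulnerable({"customTabCategoryName": payload}))
    print(render_hardened({"customTabCategoryName": payload}))
    print(flashvars_from(render_hardened({"customButton1Image": "img/btn 1.png"})))
```

The check that matters for a reviewer is the round trip: after encoding, the only double quotes in the output are the four that delimit the two attributes, and decoding the attribute returns exactly the value that was submitted, so the fix neutralizes the markup without breaking the feature.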

For more information, please see Qualys’s security advisory.

Impact
A remote attacker may be able to enumerate user accounts on the Accellion FTP server or may conduct reflected cross-site scripting attacks.

Solution
Apply an update

Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016.

Vendor Information

Vendor: Accellion
Status: Affected
Date Notified: 09 Dec 2016
Date Updated: 20 Jan 2017

CVSS Metrics (CVSS v2)

Group          Score  Vector
Base           4.3    AV:N/AC:M/Au:N/C:P/I:N/A:N
Temporal       3.4    E:POC/RL:OF/RC:C
Environmental  2.5    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf
http://cwe.mitre.org/data/definitions/80.html
http://cwe.mitre.org/data/definitions/204.html

Credit

Thanks to Ashish Kamble for reporting these vulnerabilities.
This document was written by Garret Wassermann.

Other Information

CVE IDs:
CVE-2016-9499
CVE-2016-9500

Date Public:
31 Jan 2017

Date First Published:
08 Feb 2017

Date Last Updated:
08 Feb 2017

Document Revision:
29
