
Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities

Medium
Advisory ID: ZSL-2012-5078
Release Date: 10 March 2012
Vendor: Zend Technologies Ltd. - http://www.zend.com
Affected Version: Zend Server 5.6.0, *Zend Optimizer+ 4.1, *Zend Code Tracing 1.0, *Zend Data Cache 4.0, *Zend Job Queue 4.0, *Zend Debugger 5.3, *Zend Java Bridge 3.1
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/0.9.8o, PHP 5.3.9-ZS5.6.0
Summary

Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications.

Description

Zend Server and its components suffer from a cross-site scripting vulnerability. The persistent (stored) XSS issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Proof of Concept
Disclosure Timeline
22.02.2012: Vulnerabilities discovered.
23.02.2012: Contact with the vendor.
23.02.2012: Vendor responds asking for details.
24.02.2012: Sent detailed information to the vendor.
24.02.2012: Vendor assigns appropriate team for coordination.
27.02.2012: Vendor is analyzing the issues, working on a fix.
27.02.2012: Asked vendor for confirmation and scheduled patch release date.
28.02.2012: Vendor replies with confirmation of the issues.
05.03.2012: Asked vendor for status update.
06.03.2012: Vendor created fix for the issues, promising patch release date.
07.03.2012: Sent coordination details to the vendor.
07.03.2012: Vendor replies with release information.
08.03.2012: Vendor releases hotfix 5.6.0 SP1 to address these issues.
10.03.2012: Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
10.03.2012: Initial release
12.03.2012: Added reference [6] and [7]
14.03.2012: Added reference [8]
29.03.2012: Added reference [9], [10], [11], [12], [13] and [14]