COMMAND

	CacheFlow CacheOS Cross-site Scripting Vulnerability

SYSTEMS AFFECTED

	CacheFlow CacheOS CA 4.1.06 and earlier.
	

	Confirmed by CA 3.1.17,  Release  ID:  15403;  CA  4.0.14,  Release  ID:
	17085; CA 4.1.06, Release ID: 17757

PROBLEM

	T.Suzuki of Reflection Inc. / Chukyo University says :
	

	CacheFlow neglect to escape the characters  such  as  "<",">","&"
	in the path in the "unresolve" error messages, and pass the  message  to
	the browsers as HTML.
	  

	Browsers using vulnerable CacheFlow may send the private cookies to  the
	attacker by the evil code such as
	

	   http://dummy.example.com/<script>EVIL CODE</script> .

	

	

	 Example

	 =======

	

	Type http://nonexistent.example.com/<s>test</s>
	

	Error

	

	Problem Report

	

	The system detected an Unresolved Host Name while attempting to retrieve

	the URL: http://nonexistent.example.com/test. <- strike through on test

	Message ID UNRESOLVED_HOSTNAME

	

SOLUTION

	Get CacheOS V4.1.07 (2002/07/15 Release)
	

	http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm