Bugtraq mailing list archives

Plumtree Corporate Portal Cross-Site Scripting (Patch Available)


From: Ed Moyle <emoyle () scsnet csc com>
Date: Thu, 24 Jan 2002 09:20:56 -0500

Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
----------------------------------------------------------------

SYNOPSIS

Plumtree (www.plumtree.com) Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5 should be modified to 
remediate potential cross-site scripting attacks directed against existing Corporate Portal installations.

IMPACT

If the appropriate patch/remediation from Plumtree is not applied, a malicious user may craft a link containing rogue 
JavaScript, which could potentially lead to disclosure of state-maintenance or other critical data.  Further 
information on cross-site scripting may be found in CERT advisory CA-2000-01 
(http://www.cert.org/advisories/CA-2000-02.html).

CAUSE

Plumtree Corporate Portal supplies an error information page named error.asp, which by default is accessed through 
URI=http://<PORTALSITE>/<PORTALNAME>/common/error.asp.  The second parameter supplied to error.asp is a textual 
description of the error message that will be shown in the resulting error web page.  This textual parameter may be 
modified to include rogue script on affected installations.

STATUS

Plumtree has been notified and has issued a knowledge base article with information and a fix.  Plumtree will 
incorporate the fix into Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6.  Plumtree supportnet article number 
is #11012 and may be accessed from the supportnet community on the Plumtree website.  The Plumtree supportnet community 
is available via: http://www.plumtree.com/company/technical_support.htm

ACKNOWLEDGEMENTS

Affected Plumtree Corporate Portal version numbers are reproduced here from the Plumtree knowledge base article.  
Thanks specifically to Andrew Morris and Philip Soffer (both Plumtree representatives) for their consistently prompt 
responses and thorough attention to this matter.
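
The CAUSE section describes script being passed in a parameter to common/error.asp. As an added example (not part of the original advisory and not Plumtree code), the following Python sketch scans web server logs for requests to that page whose parameters decode to markup. The log layout, the /portal/ path prefix, and the parameter names "code" and "msg" are assumptions made for illustration; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed W3C-style log lines (assumed field order):
# date time c-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2002-01-24 09:20:56 10.0.0.5 GET /portal/common/error.asp code=12&msg=Session+expired 200
2002-01-24 09:21:03 10.0.0.9 GET /portal/common/error.asp code=12&msg=%3Cscript%3Ealert(1)%3C/script%3E 200
2002-01-24 09:21:10 10.0.0.9 GET /portal/common/error.asp code=12&msg=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E 200
2002-01-24 09:21:15 10.0.0.7 GET /portal/default.asp q=%3Cb%3E 200
"""

# Only the error page named in the advisory is in scope.
ERROR_PAGE = re.compile(r"/common/error\.asp$", re.IGNORECASE)
# Characters and patterns that have no place in a plain-text error description.
MARKUP = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client_ip, parameter, decoded_value) for each flagged parameter."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip W3C header lines and malformed entries
        client, stem, query = fields[2], fields[4], fields[5]
        if not ERROR_PAGE.search(stem):
            continue
        # parse_qsl decodes once; fully_decode handles further layers.
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                hits.append((client, name, decoded))
    return hits


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in '{name}': {value}")
```

Hits against a patched installation indicate attempted use of crafted links; hits against an unpatched one identify which clients followed such a link.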


