Rosetta Flash vulnerability

OWASP 2013-A5 OWASP 2017-A1 OWASP 2021-A3 CWE-352 WASC-15 WSTG-CLNT-08

Rosetta is used to create a new type of Flash file. Ordinary Flash files contain non-printable characters, whereas a Rosetta file can consist of printable characters. When a web application requests data from another web application, the server sends the data as JSONP (JavaScript Object Notation with Padding) to the receiving server. The attacker can make a malicious site request a JSONP file from the victim web application. JSONP is used to communicate between different applications because the receiving server cannot make changes to the sender’s JSONP file. But if the received file is a Rosetta Flash file, the web browser will execute it as a Flash file. The attacker leverages this bug to exploit the application.

Impact

The major impact is leakage of sensitive data. An attacker can leak sensitive information such as user credentials and other information about the end users.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Apply the update patches for Adobe Flash Player 11.2.202.394 and 14.0.0.145.
  • Use an additional validation check.
  • Modify the JSONP endpoint's response on the web to prevent this attack.
  • Add a comment (/**/) at the start of the callback parameter. This prevents the callback parameter from being interpreted as a Flash file.
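
The following sketch combines the validation check, the modified response and the `/**/` prefix from the list above in one JSONP response builder. It is an added example, not Beagle's or Adobe's code: the function names, the 64-character cap, the identifier allowlist and the `X-Content-Type-Options` and `Content-Disposition` headers are assumptions about what "additional validation" and "modify the response" could look like.

```javascript
'use strict';
// Added example; function names and the length cap are hypothetical choices.

// Assumption: callbacks are dotted JavaScript identifiers of at most 64 chars.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64;

function isSafeCallback(name) {
  return typeof name === 'string' &&
    name.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(name);
}

function buildJsonpResponse(callback, data) {
  const common = { 'X-Content-Type-Options': 'nosniff' };
  if (!isSafeCallback(callback)) {
    return {
      status: 400,
      headers: { ...common, 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'invalid callback',
    };
  }
  // Escape the two line separators that are legal in JSON but awkward in script.
  const json = JSON.stringify(data ?? null)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    headers: {
      ...common,
      'Content-Type': 'application/javascript; charset=utf-8',
      // Assumption beyond the page: serve as a download so plugins do not render it.
      'Content-Disposition': 'attachment; filename="f.txt"',
    },
    // A printable-only callback can pass the allowlist above, so the comment
    // prefix guarantees the body never starts with caller-controlled bytes.
    body: `/**/${callback}(${json});`,
  };
}

// Constructed sample input.
const sample = buildJsonpResponse('handleProfile', { id: 7, name: 'alice' });
console.log(sample.status, sample.body);
```

The character allowlist alone does not stop a file built only from printable characters, which is why the length cap and the comment prefix are applied together.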






