
CVE-2011-4457: OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled

CVSS Score: 2.6

Basic Information

EPSS Score: 0.44802%
Published: 5/17/2022
Updated: 1/19/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Package Name: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Ecosystem: maven
Vulnerable Versions: < 88
First Patched Version: 88

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from two issues: 1) The HTML sanitizer treated NOSCRIPT elements as CDATA_SOMETIMES in HtmlTextEscapingMode.java, so their contents were emitted as raw text even though a browser with JavaScript disabled parses that content as markup. 2) writeOpenTag used canonicalName rather than a safe substitute name, so legacy raw-text elements were emitted under their own names and their contents bypassed proper escaping. The patch addressed both by removing CDATA_SOMETIMES for NOSCRIPT and introducing safeName, which substitutes 'pre' for raw-text elements so the browser cannot be confused about where the element's content ends.
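A constructed Python model of the two behaviours described above, added here for illustration; it is not the sanitizer's own code, and the set of legacy raw-text elements and the function names are assumptions chosen to mirror the analysis.

```python
import html

# Assumption: legacy elements whose contents browsers read as raw text rather
# than markup. NOSCRIPT is handled separately because it is raw text only
# when the browser has scripting enabled, which a sanitizer cannot know.
LEGACY_RAW_TEXT = {"xmp", "listing", "plaintext"}


def escaping_mode(tag, noscript_is_cdata_sometimes):
    """Return how a text child of `tag` is serialised.

    'cdata' means emitted verbatim; 'pcdata' means HTML-escaped.
    The vulnerable build treated NOSCRIPT as CDATA_SOMETIMES, i.e. raw text.
    """
    if tag in LEGACY_RAW_TEXT:
        return "cdata"
    if tag == "noscript" and noscript_is_cdata_sometimes:
        return "cdata"
    return "pcdata"


def safe_name(tag):
    """Model of safeName: substitute 'pre' for raw-text elements so the
    browser cannot misjudge where the element's content ends."""
    return "pre" if tag in LEGACY_RAW_TEXT else tag


def render(tag, text, fixed):
    """Serialise <tag>text</tag> as the vulnerable (fixed=False) or the
    patched (fixed=True) sanitizer would."""
    tag = tag.lower()                       # canonical element name
    name = safe_name(tag) if fixed else tag  # patched writeOpenTag uses safeName
    mode = escaping_mode(name, noscript_is_cdata_sometimes=not fixed)
    body = text if mode == "cdata" else html.escape(text)
    return f"<{name}>{body}</{name}>"


# Constructed sample: content the vulnerable sanitizer believed was inert raw
# text inside NOSCRIPT, but which a browser with JavaScript disabled parses
# as a live FORM element.
SAMPLE = '<form action="https://example.invalid/"><input name="q"></form>'

if __name__ == "__main__":
    print(render("noscript", SAMPLE, fixed=False))  # form emitted verbatim
    print(render("noscript", SAMPLE, fixed=True))   # form escaped to text
```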


WAF Protection Rules

WAF Rule

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
