SecureSphere MX Management Server Alert Script Insertion

Secunia Advisory: SA29439
Release Date: 2008-03-21
Last Update: 2008-03-25
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Workaround
OS: SecureSphere MX Management Server 5.x
CVE reference: CVE-2008-1463

Description: Shachar Bar (Berezniski) has reported a vulnerability in Imperva SecureSphere, which can be exploited by malicious people to conduct script insertion attacks.
Certain requests are not properly filtered before being displayed. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in the context of an affected site when the administrator views the alert page.
Successful exploitation requires that the specially crafted request triggers an alert (e.g. one that requires a manual action of the administrator) and that SecureSphere is not configured to block cross-site scripting attacks.
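The root cause described above (recorded request data displayed on an alert page without filtering) beside the output-encoding fix, as an added example that is not Imperva's or Secunia's code. The alert record, its field names, the row template and all function names are hypothetical, and the sample values are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample: fields recorded from a request that raised an alert.
# Field names are hypothetical; every value is attacker-controlled input.
SAMPLE_ALERT = {
    "id": 1017,
    "url": "/search?q=<script>document.title='x'</script>",
    "user_agent": '"><img src=x onerror=alert(1)>',
}

ROW = '<tr><td>%s</td><td title="%s">%s</td></tr>'


def render_alert_unsafe(alert):
    """Before: recorded request fields are placed in the page unfiltered."""
    return ROW % (alert["id"], alert["user_agent"], alert["url"])


def render_alert_safe(alert):
    """After: every field is HTML-encoded (quotes included) at output time."""
    def esc(value):
        return html.escape(str(value), quote=True)
    return ROW % (esc(alert["id"]), esc(alert["user_agent"]), esc(alert["url"]))


class TemplateAudit(HTMLParser):
    """Collects any tag or attribute the row template itself does not emit."""
    ALLOWED = {"tr": set(), "td": {"title"}}

    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            self.unexpected.append(tag)
            return
        self.unexpected += [f"{tag}@{name}" for name, _ in attrs
                            if name not in self.ALLOWED[tag]]


def unexpected_markup(fragment):
    """Regression check: markup in a rendered row that came from request data."""
    audit = TemplateAudit()
    audit.feed(fragment)
    audit.close()
    return audit.unexpected
```

Running `unexpected_markup` over rendered alert rows in a test suite catches any field that reaches the page without encoding, in both element and attribute context.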
Solution: For SecureSphere 5.0 build 5082 customers:
Use Release 5082 Patch MNG.
http://emea.salesforce.com/servlet/se...20000000082L&pPid=50120000000GmI2
Other SecureSphere 5.0 customers:
Reportedly, a patch will be available on April 14, 2008. The vendor recommends upgrading to Release 5082 and applying the patch above, or following the workaround. Please see the vendor's advisory for more information.
Provided and/or discovered by: Shachar Bar (Berezniski), Netwise
Changelog: 2008-03-25: Added CVE reference.
Original Advisory: http://emea.salesforce.com/_ui/selfse...d%3D02n20000000D9R4%26orgId%3D00D2000
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.