[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
- From: Ansgar Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
- Date: Thu, 26 Feb 2009 22:15:50 +0100
On 2009-02-26 Vladimir '3APA3A' Dubrovin wrote:
> --Thursday, February 26, 2009, 7:40:50 PM, you wrote to
> bugtraq@xxxxxxxxxxxxxxxxx:
> DSRG> Application: APC PowerChute Network Shutdown's Web Interface
> DSRG> Vendor URL: http://www.apc.com/
> DSRG> Bug: XSS/Response Splitting
>
> DSRG> Solution: Use Firewall
>
> Just wonder: how can firewall to protect against XSS/response splitting?
You don't give the bad guys access to your UPS's web interface?
Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html