[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arbor Networks Peakflow SP web interface XSS

To: b.saleh@xxxxxxx
Subject: Re: Arbor Networks Peakflow SP web interface XSS
From: Jose Nazario <jose@xxxxxxxxx>
Date: Wed, 4 Apr 2012 16:49:08 -0400 (EDT)

On Tue, 3 Apr 2012, b.saleh@xxxxxxx wrote:

#  Exploit Title: Arbor Networks Peakflow SP XSS
#  Date: 03 April 2012

Arbor Networks has reviewed this report. This issue was addressed andfixed in Peakflow SP releases 5.1.1 patch 6 (released on November 30,2011) and later, 5.5 patch 4 (released on December 27, 2011) and later,and 5.6.0 patch 1 (released on September 14, 2011). This is not a currentissue, therefore.

Customers who remain concerned should restrict web console access totrusted network locations via network access rules.

For future security issue reports, please use the addresssecurity@xxxxxxxxx to establish communications. Arbor Networks take thesereports very seriously and seeks to work with security researchers whenpossible to remedy any such issue.



-------------------------------------------------------------
jose nazario, ph.d.             <jose@xxxxxxxxx>
manager of security research    arbor networks
v: (734) 821 1427               http://asert.arbor.net/

References:
- Arbor Networks Peakflow SP web interface XSS
  - From: b . saleh

Prev by Date: [SECURITY] [DSA 2447-1] tiff security update
Next by Date: Re: Arbor Networks Peakflow SP web interface XSS
Previous by thread: Arbor Networks Peakflow SP web interface XSS
Next by thread: Re: Arbor Networks Peakflow SP web interface XSS
Index(es):
- Date
- Thread