AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
- From: "Ivan Buetler" <ivan.buetler@xxxxxxx>
- Date: Thu, 14 Jun 2012 21:50:46 +0200
Hi all,
nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.
The security product is prone to an XSS vulnerability in its redirection
routine.
Details:
-----------
http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_302_Redirections_publicVersion.txt
References:
-----------
http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&subsubpage=nevisproxy
Credits:
-----------
Alexandre Herzog <alexandre.herzog@xxxxxxx> (Compass Security Analyst,
Switzerland)
Switzerland, 14.6.2012
Compass Security AG is a leading Swiss ethical hacking and penetration
testing company. (www.csnc.ch)
Regards
Ivan Buetler