Re: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface
- To: "Shaked Vax" <ShakedV@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] radware AppWall Web Application Firewall: Source code disclosure on management interface
- From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
- Date: Fri, 3 Jul 2009 16:58:13 +0400
Dear Shaked Vax,
Are you sure the Radware team has analysed a reflected attack via the user's
browser (an AppWall administrator visits a malcrafted page, which redirects
his request to AppWall) before excluding the remote vector?
--Thursday, July 2, 2009, 3:23:16 PM, you wrote to
full-disclosure@xxxxxxxxxxxxxxxxx:
SV> Radware team has completed analysis of the reported issue, concluding
SV> that no AppWall customer using the product according to Radware
SV> deployment recommendations would be exposed to a vulnerability as a result
SV> of this issue. This is due to the fact that this issue exists only on
SV> the management interface, which is recommended to be connected to the
SV> internal LAN only, and that it does not allow performing any actions
SV> that would influence machine functionality.
SV> Nevertheless, in order to enforce our commitment to deliver a top
SV> security solution to our customers, Radware will supply a fix for this
SV> issue within its upcoming AppWall release.
SV> Shaked Vax
SV> AppWall Product Manager
SV> ShakedV@xxxxxxxxxxx
--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
But Harry... I definitely prefer him, for his high nutritional value
and a certain particularly tender meat. (Twain)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
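As an added illustration of the reflected-vector point raised above (this is example code, not from the advisory, from Radware or from either correspondent), a defender-side check for a management interface that separates a request the administrator made directly from one a foreign page steered the browser into making, based on the Origin and Referer headers; the hostnames and header values are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed management hostname for the example; not a value from the advisory.
MANAGEMENT_HOSTS = {"appwall-mgmt.internal.example"}


def _source_host(value):
    """Host named by an Origin/Referer value; '' if it names no host."""
    if value == "null":  # opaque origin (sandboxed frame, data: URL)
        return ""
    return urlsplit(value).hostname or ""


def classify_request(headers):
    """Classify a management-interface request by where the browser says it came from.

    Returns 'same-site', 'cross-site' or 'no-referrer'. Origin is checked before
    Referer because Referer is more often stripped or rewritten; header names are
    matched case-insensitively.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        if name in lower:
            src = _source_host(lower[name])
            return "same-site" if src in MANAGEMENT_HOSTS else "cross-site"
    return "no-referrer"


def should_block(headers, state_changing=False):
    """Policy: reject cross-site requests outright; for state-changing
    requests also reject ones carrying no source information at all."""
    kind = classify_request(headers)
    if kind == "cross-site":
        return True
    return state_changing and kind == "no-referrer"


# Constructed sample requests (not captured traffic).
CROSS_SITE_REQUEST = {"Host": "appwall-mgmt.internal.example",
                      "Referer": "http://lure.third-party.example/page.html"}
SAME_SITE_REQUEST = {"Host": "appwall-mgmt.internal.example",
                     "Origin": "https://appwall-mgmt.internal.example"}
DIRECT_REQUEST = {"Host": "appwall-mgmt.internal.example"}

if __name__ == "__main__":
    for label, req in (("cross-site", CROSS_SITE_REQUEST),
                       ("same-site", SAME_SITE_REQUEST),
                       ("direct", DIRECT_REQUEST)):
        print(label, classify_request(req), should_block(req, state_changing=True))
```

Restricting the interface to the internal LAN does not change the outcome for the first request: it arrives from the administrator's own browser, on the internal network, and only the source headers reveal that a foreign page initiated it.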