Информационная безопасность
[RU] switch to English

Дополнительная информация

  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  New vulnerabilities in Relay

From:ddvulnalert_(at)_ddifronline.com <ddvulnalert_(at)_ddifronline.com>
Date:18 февраля 2009 г.
Subject:DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability

DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability


Date Discovered
January 19th 2009

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and [email protected]$

Vulnerability Description
NetMRI contains a cross-site scripting (XSS) issue whereby portions of the GET request are echoed
back in an error page. This allows scripting tags to be executed by the browser to perform XSS
attacks. Such an attack would require convincing a user to click on a specially crafted link.

Solution Description
On February 18, 2009, Netcordia released a patch named "CrossScriptPatch.gpg" to address this
vulnerability in all currently supported versions of NetMRI through v3.0.1.  Customers can acquire
the patch through the normal mechanisms or contact Netcordia Technical Support
([email protected]) for assistance.  Additionally, the necessary changes will be incorporated in
future versions beginning with NetMRI v3.0.2.

Tested Systems / Software (with versions)
Red Hat Linux, NetMRI

Vendor Contact
Name: Netcordia
Website: http://www.netcordia.com/products/netmri-event-analysis.asp
Contact Information: http://www.netcordia.com/contact/index.asp

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород