AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

From: Ivan Buetler <ivan.buetler@csnc.ch>
To: bugtraq@securityfocus.com
Cc:
Subject: AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
Date:


Hi all,

nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.

The security product is prone to a XSS vulnerability in its redirection
routine. 

Details:
-----------
http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_
302_Redirections_publicVersion.txt


References:
-----------
http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s
ubsubpage=nevisproxy



Credits:
-----------
Alexandre Herzog <alexandre.herzog@csnc.ch> (Compass Security Analyst,
Switzerland)


Switzerland, 14.6.2012
Compass Security AG is a Swiss leading ethical hacking and penetration
testing company. (www.csnc.ch)

Regards
Ivan Buetler







Copyright © 1995-2018 LinuxRocket.net. All rights reserved.