Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[security-alerts] FW: [SA24499] Cisco Multiple Products Online Help System Cross-Site Scripting



They're digging deep...
On the other hand, it's a sign that XSS is starting to be taken more seriously.

> 
> TITLE:
> Cisco Multiple Products Online Help System Cross-Site Scripting
> 
> SECUNIA ADVISORY ID:
> SA24499
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24499/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Cross Site Scripting
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Cisco 2000 Series Wireless LAN Controller
> http://secunia.com/product/6035/
> Cisco Unified Videoconferencing 3500 Series Products
> http://secunia.com/product/13671/
> Cisco Secure ACS Solution Engine 4.x
> http://secunia.com/product/13658/
> 
> SOFTWARE:
> CiscoWorks Monitoring Center for Security 1.x
> http://secunia.com/product/5603/
> CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
> http://secunia.com/product/6025/
> CiscoWorks Internetwork Performance Monitor (IPM) 2.x
> http://secunia.com/product/11850/
> CiscoWorks Common Services Software 3.x
> http://secunia.com/product/6330/
> CiscoWorks Common Services Software 2.x
> http://secunia.com/product/2266/
> CiscoWorks Common Services Software 1.x
> http://secunia.com/product/2267/
> CiscoWorks Campus Manager 4.x
> http://secunia.com/product/11849/
> CiscoWorks Campus Manager 3.x
> http://secunia.com/product/11848/
> Cisco WAN Manager (CWM) 15.x
> http://secunia.com/product/13672/
> Cisco WAN Manager (CWM) 12.x
> http://secunia.com/product/13673/
> Cisco WAN Manager (CWM) 11.x
> http://secunia.com/product/13674/
> Cisco WAN Manager (CWM) 10.x
> http://secunia.com/product/13675/
> Cisco VPN Client 2.x
> http://secunia.com/product/123/
> Cisco VPN 5000 Client 5.x
> http://secunia.com/product/259/
> Cisco Unified Video Advantage 2.x
> http://secunia.com/product/13668/
> Cisco Unified Personal Communicator 1.x
> http://secunia.com/product/13660/
> Cisco Unified MeetingPlace Express 2.x
> http://secunia.com/product/13664/
> Cisco Unified MeetingPlace Express 1.x
> http://secunia.com/product/13665/
> Cisco Unified MeetingPlace 6.x
> http://secunia.com/product/13663/
> Cisco Unified MeetingPlace 5.x
> http://secunia.com/product/13661/
> Cisco Unified MeetingPlace 4.x
> http://secunia.com/product/13662/
> Cisco Unified CallManager 5.x
> http://secunia.com/product/11019/
> Cisco Unified CallManager 4.x
> http://secunia.com/product/5363/
> Cisco Secure ACS 4.x
> http://secunia.com/product/10635/
> Cisco IP Communicator 2.x
> http://secunia.com/product/13667/
> Cisco IP Communicator 1.x
> http://secunia.com/product/13666/
> Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)
> http://secunia.com/product/2272/
> Cisco CallManager 5.x
> http://secunia.com/product/12535/
> Cisco CallManager 4.x
> http://secunia.com/product/12534/
> Cisco CallManager 3.x
> http://secunia.com/product/2805/
> CiscoWorks Monitoring Center for Security 2.x
> http://secunia.com/product/5604/
> Cisco Router and Security Device Manager (SDM)
> http://secunia.com/product/13676/
> 
> DESCRIPTION:
> A vulnerability has been reported in various Cisco products, which
> can be exploited by malicious people to conduct cross-site scripting
> attacks.
> 
> Input passed to the search code of PreSearch.html or PreSearch.class
> (depending on software or device) is not properly sanitised before
> being returned to the user. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context
> of an affected software or device.
> 
> SOLUTION:
> If possible, the vendor recommends deleting or renaming the
> PreSearch.html and PreSearch.class files.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Independently discovered by Erwin Paternotte from Fox-IT and Cassio
> Goldschmidt.
> 
> ORIGINAL ADVISORY:
> http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml
> 
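
The SOLUTION step in the advisory above (delete or rename PreSearch.html and PreSearch.class), as an added shell example that is not part of the original message or of the vendor's advisory. The install root passed as the first argument, the function name and the `.disabled` suffix are assumptions; the advisory gives no paths.

```shell
# Added example: locate and rename the help-search files named in the advisory.
# Usage: disable_presearch ROOT [apply]
#   ROOT  - assumed install/help directory of the affected product
#   apply - actually rename; without it the function only reports (dry run)
# The number of matching files is left in PRESEARCH_MATCHES.
# Limitation: file names containing newlines are not handled.
disable_presearch() {
    ps_root=$1
    ps_mode=${2:-dry-run}
    ps_count=0
    [ -d "$ps_root" ] || { echo "not a directory: $ps_root" >&2; return 2; }

    # Write matches to a temp file so the loop runs in the current shell
    # (a pipe would lose the counter in a subshell).
    ps_list=$(mktemp) || return 2
    find "$ps_root" -type f \
        \( -name 'PreSearch.html' -o -name 'PreSearch.class' \) \
        -print > "$ps_list"

    while IFS= read -r ps_file; do
        [ -n "$ps_file" ] || continue
        ps_count=$((ps_count + 1))
        if [ "$ps_mode" = apply ]; then
            # Renaming (not deleting) keeps the file for a later rollback.
            mv -- "$ps_file" "$ps_file.disabled" && echo "renamed: $ps_file"
        else
            echo "would rename: $ps_file"
        fi
    done < "$ps_list"
    rm -f "$ps_list"

    echo "$ps_count file(s) matched under $ps_root"
    PRESEARCH_MATCHES=$ps_count
}
```

Run it once without `apply` to review the list, then again with `apply`; a third run reporting 0 matches confirms nothing was left behind.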