Topic: Portwise SSL VPN v4.6 Cross-Site Scripting

SecurityAlert: 7050
CVE: CVE-2010-0703
CWE: CWE-79
SecurityRisk: Low
Remote Exploit: Yes
Local Exploit: No
Victim interaction required: Yes
Exploit Available: No
Credit: Procheckup
Published: 28.02.2010

Affected Software: portwise:ssl_vpn:4.6

Advisory Content:

PR09-04: Cross-Site Scripting on Portwise SSL VPN v4.6

Vulnerability found: 25th March 2009

Vendor informed: 28th April 2009

Vulnerability fixed:

Severity: Medium

Description:

The Portwise portal login page is vulnerable to XSS. Portwise is an
SSL-VPN portal.

Note: Other versions might be affected as well.

The following demonstrates the XSS:

1) Login page XSS

https://example.com/wa/auth?&authmech=Assess&reloadFrame=%22;%3Cscript%3Eblah%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Consequences:

An attacker may be able to cause execution of malicious scripting code
in the browser of a user who clicks on a link to a Portwise Portal-based
site. Such code would run within the security context of the target
domain. This type of attack can result in non-persistent defacement of
the target site, or the redirection of confidential information (i.e.
session IDs) to unauthorised third parties.

Fix:

Ensure all input parameters (especially "reloadFrame") are filtered
sufficiently before being echoed back to the client.
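
The fix above, sketched as an added example (not part of the advisory and not Portwise code). It assumes, from the `%22;` prefix of the demonstration URL, that "reloadFrame" is echoed inside a double-quoted JavaScript string in an inline script block; the function names and the frame-name format are hypothetical.

```javascript
// Added illustration; hypothetical names, not Portwise code.
// Assumption: reloadFrame is echoed into a double-quoted JavaScript string
// inside an inline script block, as the `%22;` prefix of the PoC suggests.

// Query value from the advisory's demonstration URL, URL-decoded.
const POC = decodeURIComponent(
  '%22;%3Cscript%3Eblah%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E');

// Vulnerable pattern: the raw parameter is concatenated into the page.
function renderUnsafe(reloadFrame) {
  return '<script>var reloadFrame = "' + reloadFrame + '";</script>';
}

// Output encoding for a JavaScript string context: everything outside a
// small safe set becomes \uXXXX, so the value cannot end the string
// literal or the enclosing script element.
function escapeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Input validation: assumed legitimate format of a frame name.
const FRAME_NAME = /^[A-Za-z0-9_-]{1,32}$/;

// Hardened pattern: validate, then encode for the output context anyway.
function renderSafe(reloadFrame) {
  const value = FRAME_NAME.test(String(reloadFrame)) ? String(reloadFrame) : '';
  return '<script>var reloadFrame = "' + escapeForJsString(value) + '";</script>';
}

// Number of script end tags in the output; more than one means the
// parameter closed the script block early.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log(countScriptCloses(renderUnsafe(POC)));
console.log(renderSafe(POC));
console.log(escapeForJsString(POC));
```

The encoder alone is lossless, so it also suits parameters that cannot be restricted to an allow-list; the allow-list is the stricter control where the legitimate values are known.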

References:

http://www.procheckup.com/Vulnerabilities.php

Credits: George Christopoulos and Jan Fry of ProCheckUp Ltd
(www.procheckup.com)

Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.



References:

http://www.securityfocus.com/bid/38308
http://www.securityfocus.com/archive/1/archive/1/509584/100/0/threaded
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04
http://secunia.com/advisories/38627
http://packetstormsecurity.org/1002-exploits/PR09-04.txt



