Bugtraq mailing list archives
Re: Another ZEUS Server web admin XSS!
From: <security () zeus com>
Date: 30 May 2003 15:06:56 -0000
In-Reply-To: <20030529174830.9975.qmail () www securityfocus com> Zeus Technology, 30th May 2003. "Another ZEUS Server web admin XSS!" vendor response On May 29th 2003, a cross-site-scripting attack against the Zeus Administration Server was reported on bugtraq (incident "Another ZEUS Server web admin XSS!"). Zeus Technology has investigated this report and confirm that a cross- site-scripting exploit is possible under very limited conditions. This vulnerability is present in Zeus Web Server version 4.2r2 and earlier. Zeus have product patches which will be available shortly through Zeus's support channel (support () zeus com). These patches will be included in the next revision of Zeus Web Server (4.2r3) when it is released. Zeus Technology continue to advise that the Administration Server is shut down when not in use as a matter of routine. Zeus Technology work closely with customers, evaluators, security professionals and other researchers to ensure its products are secure and free from defects. Any security-related comments received at security () zeus com, or through any other means are treated with the utmost attention. Zeus Technology regret that the researcher published details of the exploit before contacting Zeus and allowing Zeus to prepare and distribute a fix. -- security () zeus com Zeus Technology Ltd Security Response Team Universally Serving the Net Tel:+44(0)1223 525000 Fax:+44(0)1223 525100 http://www.zeus.com/ Zeus House, Cowley Road, Cambridge, CB4 0ZT, ENGLAND
Current thread:
- Re: Another ZEUS Server web admin XSS! security (Jun 01)