Bugtraq mailing list archives
Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From: Alexandr Polyakov <alexandr.polyakov () dsec ru>
Date: Fri, 27 Feb 2009 12:59:13 +0300
Здравствуйте, Vladimir. Вы писали 26 февраля 2009 г., 21:46:28:
Dear Digital Security Research Group,
--Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq () securityfocus com:
DSRG>> Application: APC PowerChute Network Shutdown's Web Interface DSRG>> Vendor URL: http://www.apc.com/ DSRG>> Bug: XSS/Response Splitting DSRG>> Solution: Use Firewall
Just wonder: how can firewall to protect against XSS/response splitting?
This Solution taken from vendors advice. Polyakov Alexandr Information Security Analyst ______________________ DIGITAL SECURITY phone: +7 812 703 1547 +7 812 430 9130 e-mail: a.polyakov () dsec ru www.dsec.ru ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. -----------------------------------
Current thread:
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Digital Security Research Group (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 27)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Alexandr Polyakov (Feb 27)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)