Re: Arbor Networks Peakflow SP web interface XSS

[Jose Nazario <jose () arbor net>]

On Tue, 3 Apr 2012, b.saleh () aol com wrote:

> #  Exploit Title: Arbor Networks Peakflow SP XSS
> #  Date: 03 April 2012

Arbor Networks has reviewed this report. This issue was addressed and 
fixed in Peakflow SP releases 5.1.1 patch 6 (released on November 30, 
2011) and later, 5.5 patch 4 (released on December 27, 2011) and later, 
and 5.6.0 patch 1 (released on September 14, 2011). This is not a current 
issue, therefore.

Customers who remain concerned should restrict web console access to 
trusted network locations via network access rules.

For future security issue reports, please use the address 
security () arbor net to establish communications. Arbor Networks take these 
reports very seriously and seeks to work with security researchers when 
possible to remedy any such issue.


-------------------------------------------------------------
jose nazario, ph.d.             <jose () arbor net>
manager of security research    arbor networks
v: (734) 821 1427               http://asert.arbor.net/