Bugtraq mailing list archives

AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

From: "Ivan Buetler" <ivan.buetler () csnc ch>
Date: Thu, 14 Jun 2012 21:50:46 +0200

Hi all,

nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.

The security product is prone to a XSS vulnerability in its redirection
routine. 

Details:
-----------
http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_
302_Redirections_publicVersion.txt


References:
-----------
http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s
ubsubpage=nevisproxy



Credits:
-----------
Alexandre Herzog <alexandre.herzog () csnc ch> (Compass Security Analyst,
Switzerland)


Switzerland, 14.6.2012
Compass Security AG is a Swiss leading ethical hacking and penetration
testing company. (www.csnc.ch)

Regards
Ivan Buetler

Current thread:

AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections Ivan Buetler (Jun 15)