Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0767

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-0767
Last Modified 07 Jun 2011 12:00:00
Published 06 Jun 2011 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0767

Summary

Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.

Vulnerable Systems

Application

  • Imperva Securesphere Web Application Firewall 6.2

  • Imperva Securesphere Web Application Firewall 7.0

  • Imperva Securesphere Web Application Firewall 7.0.0.7061

  • Imperva Securesphere Web Application Firewall 7.0.0.7078

  • Imperva Securesphere Web Application Firewall 7.5

  • Imperva Securesphere Web Application Firewall 8.0

  • Imperva Securesphere Web Application Firewall 8.5


References

CERT-VN - VU#567774

XF - securesphere-web-server-xss(67779)

MISC - http://www.secureworks.com/research/advisories/SWRX-2011-001/

CONFIRM - http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html

SECUNIA - 44772


Last Updated: 27 May 2016 10:56:02