Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4043

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4043
Last Modified 27 Jul 2012 12:00:00
Published 26 Jul 2012 03:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4043

Summary

Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.

Vulnerable Systems

Application

  • Palo Alto Global Protected Gateway 3.1

  • Palo Alto Global Protected Gateway 3.1.11

  • Palo Alto Global Protected Gateway 4.0

  • Palo Alto Global Protected Gateway 4.0.5

  • Palo Alto Ssl Vpn 3.1

  • Palo Alto Ssl Vpn 3.1.11

  • Palo Alto Ssl Vpn 4.0

  • Palo Alto Ssl Vpn 4.0.5


References

OSVDB - 83896

MISC - http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html


Last Updated: 27 May 2016 10:55:01