Bugtraq mailing list archives
AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
From: "Ivan Buetler" <ivan.buetler () csnc ch>
Date: Thu, 14 Jun 2012 21:50:46 +0200
Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats. nevisProxy is a component of AdNovum's security framework Nevis. The security product is prone to a XSS vulnerability in its redirection routine. Details: ----------- http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_ 302_Redirections_publicVersion.txt References: ----------- http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s ubsubpage=nevisproxy Credits: ----------- Alexandre Herzog <alexandre.herzog () csnc ch> (Compass Security Analyst, Switzerland) Switzerland, 14.6.2012 Compass Security AG is a Swiss leading ethical hacking and penetration testing company. (www.csnc.ch) Regards Ivan Buetler
Current thread:
- AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections Ivan Buetler (Jun 15)