Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability

["Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>]

Dear Digital Security Research Group,



--Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq () securityfocus com:



DSRG> Application:                    APC PowerChute Network Shutdown's Web Interface
DSRG> Vendor URL:                     http://www.apc.com/
DSRG> Bug:                            XSS/Response Splitting

DSRG> Solution:                       Use Firewall

Just wonder: how can firewall to protect against XSS/response splitting?


-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/