Bugtraq mailing list archives
Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Thu, 26 Feb 2009 22:15:50 +0100
On 2009-02-26 Vladimir '3APA3A' Dubrovin wrote:
--Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq () securityfocus com: DSRG> Application: APC PowerChute Network Shutdown's Web Interface DSRG> Vendor URL: http://www.apc.com/ DSRG> Bug: XSS/Response Splitting DSRG> Solution: Use Firewall Just wonder: how can firewall to protect against XSS/response splitting?
You don't give the bad guys access to your UPS's web interface? Regards Ansgar Wiechers -- "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user." --http://developer.apple.com/technotes/tn2004/tn2118.html
Current thread:
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Digital Security Research Group (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 27)
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Alexandr Polyakov (Feb 27)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Ansgar Wiechers (Feb 26)
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability Vladimir '3APA3A' Dubrovin (Feb 26)