Vulnerability Development mailing list archives
Re: network appliance...
From: stuart () ECLIPSE NET UK (Stuart Henderson)
Date: Mon, 17 Apr 2000 14:17:35 +0100
On Thu, Apr 13, 2000 at 01:00:42PM -0600, Marc Slemko wrote:
On Thu, 13 Apr 2000, Gage, Greg wrote:I've been looking at these for my organization. Here is what my VAR was able to find on the security side. ************************************************** Applicability of CERT advisories to Data ONTAP ------------------------------------------------------------------------ CERT ONTAP Advisory Description/Title vulnerable? Notes Malicious HTML Tags CA 00.02 Embedded in N/A Client Web RequestsActually, it (at least some versions) _is_ vulnerable to this when used as a reverse proxy (ie. their netcache product). Just use a URL like: http://netcache/disk_objects/"><script>alert('foo')</script>
IIRC netcache is based on Squid, which exhibits a similar problem when it displays the error page containing the URL which resulted in an error.
Current thread:
- Re: network appliance..., (continued)
- Re: network appliance... Jordan Ritter (Apr 12)
- Re: network appliance... Tom (Apr 12)
- Re: network appliance... Luiz Eduardo Gava (Apr 12)
- Re: network appliance... Lopez, Joe (Apr 12)
- Re: network appliance... Dom De Vitto (Apr 12)
- Re: network appliance... Hull, Dave (Apr 12)
- Re: network appliance... John Hall (Apr 12)
- Re: network appliance... Paul Taylor (Apr 12)
- Re: network appliance... Crother, Mark (Apr 12)
- Re: network appliance... Marc Slemko (Apr 13)
- Re: network appliance... Stuart Henderson (Apr 17)
- Re: network appliance... James Grinter (Apr 24)
- DOS on inetd w/ nmap Clifford, Shawn A (Apr 24)
- Re: DOS on inetd w/ nmap Roelof Temmingh (Apr 25)
- Re: DOS on inetd w/ nmap LaMont Jones (Apr 25)
- Re: DOS on inetd w/ nmap Richard Johnson (Apr 25)
- Info about Microsoft Exchange application protocol Bobby, Paul (Apr 24)
- Re: Info about Microsoft Exchange application protocol Walter Williams (Apr 24)
- Re: network appliance... Stuart Henderson (Apr 17)