Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: network appliance...

From: stuart () ECLIPSE NET UK (Stuart Henderson)
Date: Mon, 17 Apr 2000 14:17:35 +0100

On Thu, Apr 13, 2000 at 01:00:42PM -0600, Marc Slemko wrote:

On Thu, 13 Apr 2000, Gage, Greg wrote:

I've been looking at these for my organization.  Here is what my VAR was able to find on the security side.

**************************************************
Applicability of CERT advisories to Data ONTAP

  ------------------------------------------------------------------------
  CERT                                ONTAP
 Advisory     Description/Title       vulnerable?    Notes
             Malicious HTML Tags
 CA 00.02    Embedded in              N/A
             Client Web Requests


Actually, it (at least some versions) _is_ vulnerable to this when
used as a reverse proxy (ie. their netcache product).  Just use a
URL like:

      http://netcache/disk_objects/";><script>alert('foo')</script>


IIRC netcache is based on Squid, which exhibits a similar
problem when it displays the error page containing the URL which
resulted in an error.
Previous By Date Next
Previous By Thread Next

Current thread: