Vulnerability Development mailing list archives
Re: network appliance...
From: marcs () ZNEP COM (Marc Slemko)
Date: Thu, 13 Apr 2000 13:00:42 -0600
On Thu, 13 Apr 2000, Gage, Greg wrote:
Hi All- I've been looking at these for my organization. Here is what my VAR was able to find on the security side. Greg ************************************************** Applicability of CERT advisories to Data ONTAP ------------------------------------------------------------------------ CERT ONTAP Advisory Description/Title vulnerable? Notes Malicious HTML Tags CA 00.02 Embedded in N/A Client Web Requests
Actually, it (at least some versions) _is_ vulnerable to this when used as a reverse proxy (ie. their netcache product). Just use a URL like: http://netcache/disk_objects/"><script>alert('foo')</script> Sometimes you have to reload it a few times before it gives its internal error page instead of the error page from the backend server. Not sure what is up there. It may also be vulnerable when used as an origin server, I don't know. Most of the holes that may be present in it wouldn't be reflected in CERT advisories, especially if they haven't been discovered and/or publicized.
Current thread:
- Re: network appliance..., (continued)
- Re: network appliance... Ryan Permeh (Apr 12)
- Re: network appliance... Jordan Ritter (Apr 12)
- Re: network appliance... Tom (Apr 12)
- Re: network appliance... Luiz Eduardo Gava (Apr 12)
- Re: network appliance... Lopez, Joe (Apr 12)
- Re: network appliance... Dom De Vitto (Apr 12)
- Re: network appliance... Hull, Dave (Apr 12)
- Re: network appliance... John Hall (Apr 12)
- Re: network appliance... Paul Taylor (Apr 12)
- Re: network appliance... Crother, Mark (Apr 12)
- Re: network appliance... Marc Slemko (Apr 13)
- Re: network appliance... Stuart Henderson (Apr 17)
- Re: network appliance... James Grinter (Apr 24)
- DOS on inetd w/ nmap Clifford, Shawn A (Apr 24)
- Re: DOS on inetd w/ nmap Roelof Temmingh (Apr 25)
- Re: DOS on inetd w/ nmap LaMont Jones (Apr 25)
- Re: DOS on inetd w/ nmap Richard Johnson (Apr 25)
- Info about Microsoft Exchange application protocol Bobby, Paul (Apr 24)
- Re: Info about Microsoft Exchange application protocol Walter Williams (Apr 24)
- Re: network appliance... Stuart Henderson (Apr 17)