Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: network appliance...

From: marcs () ZNEP COM (Marc Slemko)
Date: Thu, 13 Apr 2000 13:00:42 -0600

On Thu, 13 Apr 2000, Gage, Greg wrote:


Hi All-

I've been looking at these for my organization.  Here is what my VAR was able to find on the security side.

Greg

**************************************************
Applicability of CERT advisories to Data ONTAP

  ------------------------------------------------------------------------
  CERT                                ONTAP
 Advisory     Description/Title       vulnerable?    Notes
             Malicious HTML Tags
 CA 00.02    Embedded in              N/A
             Client Web Requests


Actually, it (at least some versions) _is_ vulnerable to this when
used as a reverse proxy (ie. their netcache product).  Just use a
URL like:

        http://netcache/disk_objects/";><script>alert('foo')</script>

Sometimes you have to reload it a few times before it gives its internal
error page instead of the error page from the backend server.  Not sure
what is up there.

It may also be vulnerable when used as an origin server, I don't know.

Most of the holes that may be present in it wouldn't be reflected
in CERT advisories, especially if they haven't been discovered
and/or publicized.
Previous By Date Next
Previous By Thread Next

Current thread: