SecureSphere Web Application Firewall Username HTML Injection Vulnerability

Bugtraq ID:	52064
Class:	Input Validation Error
CVE:	CVE-2011-4887
Remote:	Yes
Local:	No
Published:	Feb 17 2012 12:00AM
Updated:	Feb 17 2012 12:00AM
Credit:	Roger Wemyss of Dell SecureWorks
Vulnerable:	Imperva SecureSphere Web Application Firewall 9.0 Imperva SecureSphere Web Application Firewall 8.5 Imperva SecureSphere Web Application Firewall 8.0 Imperva SecureSphere Web Application Firewall 7.5 Imperva SecureSphere Web Application Firewall 7.0 Imperva SecureSphere Web Application Firewall 6.2
Not Vulnerable:	Imperva SecureSphere Web Application Firewall 9.0 Patch 1

SecureSphere Web Application Firewall Username HTML Injection Vulnerability

Imperva SecureSphere Web Application Firewall is prone to an HTML-injection vulnerability prone to an because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.

SecureSphere Web Application Firewall 9.0 is vulnerable.

SecureSphere Web Application Firewall Username HTML Injection Vulnerability

An attacker can exploit this issue through a browser.

SecureSphere Web Application Firewall Username HTML Injection Vulnerability

Solution:
Updates are available. Please see the references for more details.

SecureSphere Web Application Firewall Username HTML Injection Vulnerability

References:

• Imperva SecureSphere persistent cross-site scripting vulnerability (Dell)
  
• Imperva Security Response for CVE-2011-4887 (Imperva)
  
• Vendor Homepage (Imperva)