Barracuda WAF 660 'filter' Parameter Cross Site Scripting Vulnerability
BID:52360
Info
| Bugtraq ID: | 52360 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2012 12:00AM |
| Updated: | Mar 08 2012 12:00AM |
| Credit: | Benjamin Kunz Mejri |
| Vulnerable: | Barracuda Networks Barracuda WAF 660 7.6 028 |
| Not Vulnerable: | |
Discussion
Barracuda WAF 660 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Barracuda WAF 660 7.6.0.028 is affected; other versions may also be vulnerable.
Solution / Fix
Solution:
Reportedly, the vendor has fixed the issue; however, Symantec has not confirmed it. Please contact the vendor for more information.
References
References:
- Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability (Vulnerability Research Laboratory)
- Barracuda Web Application Firewall Homepage (Barracuda Networks)