Imperva Security Response for CVE-2011-0767
Imperva SecureSphere Persistent Cross-site Scripting Vulnerability
Revision History
Date: 5/23/2011
Comments: Initial Version
A cross-site scripting vulnerability, as described in CVE-2011-0767, exists in the management GUI of SecureSphere 6.2, 7.x and 8.x. The following versions are vulnerable:
- SecureSphere Web Application Firewall 6.2 MX Management Server (all 6.2 releases)
- SecureSphere Web Application Firewall 7.x MX Management Server (all 7.x releases)
- SecureSphere Web Application Firewall 8.x MX Management Server (all 8.x releases)
The following versions are not vulnerable:
- SecureSphere 6.2 Gateway (all 6.2 releases)
- SecureSphere 7.x Gateway (all 7.x releases)
- SecureSphere 8.x Gateway (all 8.x releases)
Under some configurations, an attacker can invoke an XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere. SecureSphere properly detects the cross-site scripting payload destined for the protected server and records an event. The system's event database stores this event, but the event is improperly sanitized when it is displayed in the GUI.
The attack would be invoked if the administrator actively viewed the alert details generated by the XSS vector.
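The flaw described above is an output-encoding failure in an event viewer: the stored event carries attacker-controlled request data into the administrator's browser. The following is an added illustration, not Imperva code; the event fields, function names and sample event are constructed assumptions. It shows an alert-details row rendered without and with encoding at display time.

```javascript
// Added example, not SecureSphere code. All names and the sample event are constructed.

// Escape the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed event as a WAF might store it. Every request-derived field is
// attacker-controlled, even though the request was correctly detected and logged.
const sampleEvent = {
  id: 1042,
  rule: 'Cross-site scripting',
  sourceIp: '203.0.113.7',
  url: '/search?q=<script>alert(1)</script>',
  userAgent: '"><img src=x onerror=alert(2)>',
};

// Before: stored fields are concatenated into the alert view unchanged.
function renderAlertUnsafe(ev) {
  return `<tr title="${ev.userAgent}"><td>${ev.rule}</td><td>${ev.url}</td></tr>`;
}

// After: every stored field is encoded at output time, in both
// element-content and quoted-attribute context.
function renderAlertSafe(ev) {
  return `<tr title="${escapeHtml(ev.userAgent)}"><td>${escapeHtml(ev.rule)}</td>` +
         `<td>${escapeHtml(ev.url)}</td></tr>`;
}

// Regression check for the view: true if the rendered row contains any tag
// other than the <tr>/<td> elements the template itself emits.
function containsUnexpectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(tr|td)$/i.test(t));
}

console.log('unsafe view injects markup:', containsUnexpectedTag(renderAlertUnsafe(sampleEvent)));
console.log('safe view injects markup:  ', containsUnexpectedTag(renderAlertSafe(sampleEvent)));
```

Encoding at display time matters here because the data was accepted and stored as a legitimate record of the attack; input filtering on the protected site does not cover the management console's own output.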
Dell Secureworks (www.secureworks.com)
A fix is currently available from Imperva support. Customers with questions or issues should contact Imperva support for more information and/or guidance.
| MX Version | Release & Patch Number |
|---|---|
| SecureSphere 6.2 | Releases 6442-6463 Patch 30 |
| SecureSphere 7.0 | Releases 7061-7078 Patch 22 |
| SecureSphere 7.5 | Release 7564 Patch 10 |
| SecureSphere 8.0 | Release 8265 Patch 3 |
| SecureSphere 8.5 | Release 8.5 Patch 1 |
PATCH DOWNLOAD: The patch and release notes are available on the FTP Site. (Imperva Username and Credentials Required)
SecureWorks Security Advisory: http://www.secureworks.com/research/advisories/SWRX-2011-001/
The information within this advisory is subject to change without notice. Use of this information constitutes acceptance for use in an AS IS condition. Any use of this information is at the user's own risk. There are no warranties, implied or expressed, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Redistribution of this alert electronically is allowed as long as it is not edited in any way. To reprint this alert, in whole or in part, in any medium other than electronic medium, contact firstname.lastname@example.org for permission.