Imperva Blog|Login|中文Deutsch日本語
Application Defense Center

Imperva Security Response for CVE-2011-0767

Imperva SecureSphere Persistent Cross-site Scripting Vulnerability

Revision History

Date: 5/23/2011
Comments: Initial Version

Status Summary

A cross-site scripting vulnerability as described in CVE-2011-0767 exists in the SecureSphere 6.2, 7.x, 8.x management GUI.

Affected product(s)/version(s):

  • SecureSphere Web Application Firewall 6.2 MX Management Server (all 6.2 releases)
  • SecureSphere Web Application Firewall 7.x MX Management Server (all 7.x releases)
  • SecureSphere Web Application Firewall 8.x MX Management Server (all 8.x releases)
Not affected product(s)/version(s):
The following versions are not vulnerable:
  • SecureSphere 6.2 Gateway (all 6.2 releases)
  • SecureSphere 7.x Gateway (all 7.x releases)
  • SecureSphere 8.x Gateway (all 8.x releases)

Description

Under some configurations an attacker can invoke a XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere. SecureSphere properly detects the cross-site scripting payload destined for the protected server and records an event. The system’s event database stores this event but improperly sanitizes the event when it is displayed in the GUI.

The attack would be invoked if the administrator actively viewed the alert details generated by the XSS vector.

Acknowledgement

Dell Secureworks (www.secureworks.com)

Vendor Fix

A fix is currently available from Imperva support. Customers with questions or issues should contact Imperva support for more information and/or guidance.

MX VersionRelease & Patch Number
SecureSphere 6.2 Releases 6442-6463 Patch 30
SecureSphere 7.0Releases 7061-7078 Patch 22
SecureSphere 7.5 Release 7564 Patch 10
SecureSphere 8.0 Release 8265 Patch 3
SecureSphere 8.5 Release 8.5 Patch 1

PATCH DOWNLOAD: The patch and release notes are available on the FTP Site. (Imperva Username and Credentials Required)

References

SecureWorks Security Advisory: http://www.secureworks.com/research/advisories/SWRX-2011-001/

Disclaimer

The information within this advisory is subject to change without notice. Use of this information constitutes acceptance for use in an AS IS condition. Any use of this information is at the user’s own risk. There are no warranties, implied or expressed, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information.

Redistribution of this alert electronically is allowed as long as it is not edited in any way. To reprint this alert, in whole or in part, in any medium other than electronic medium, adc@imperva.com for permission.