Imperva Security Response for CVE-2011-0767
Comments: Initial Version
A cross-site scripting vulnerability as described in CVE-2011-0767 exists in the SecureSphere 6.2, 7.x, 8.x management GUI.
- SecureSphere Web Application Firewall 6.2 MX Management Server (all 6.2 releases)
- SecureSphere Web Application Firewall 7.x MX Management Server (all 7.x releases)
- SecureSphere Web Application Firewall 8.x MX Management Server (all 8.x releases)
The following versions are not vulnerable:
- SecureSphere 6.2 Gateway (all 6.2 releases)
- SecureSphere 7.x Gateway (all 7.x releases)
- SecureSphere 8.x Gateway (all 8.x releases)
Under some configurations an attacker can invoke a XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere. SecureSphere properly detects the cross-site scripting payload destined for the protected server and records an event. The systemâ€™s event database stores this event but improperly sanitizes the event when it is displayed in the GUI.
The attack would be invoked if the administrator actively viewed the alert details generated by the XSS vector.
Dell Secureworks (www.secureworks.com)
A fix is currently available from Imperva support. Customers with questions or issues should contact Imperva support for more information and/or guidance.
|MX Version||Release & Patch Number|
|SecureSphere 6.2||Releases 6442-6463 Patch 30|
|SecureSphere 7.0||Releases 7061-7078 Patch 22|
|SecureSphere 7.5||Release 7564 Patch 10|
|SecureSphere 8.0||Release 8265 Patch 3|
|SecureSphere 8.5||Release 8.5 Patch 1|
PATCH DOWNLOAD: The patch and release notes are available on the FTP Site.
(Imperva Username and Credentials Required)
SecureWorks Security Advisory: http://www.secureworks.com/research/advisories/SWRX-2011-001/