Imperva Security Response for CVE-2011-0767

Imperva SecureSphere Persistent Cross-site Scripting Vulnerability

Revision History
Date: 5/23/2011
Comments: Initial Version

Status Summary

A cross-site scripting vulnerability as described in CVE-2011-0767 exists in the SecureSphere 6.2, 7.x, 8.x management GUI.

Affected product(s)/version(s):

  • SecureSphere Web Application Firewall 6.2 MX Management Server (all 6.2 releases)
  • SecureSphere Web Application Firewall 7.x MX Management Server (all 7.x releases)
  • SecureSphere Web Application Firewall 8.x MX Management Server (all 8.x releases)
Not affected product(s)/version(s):
The following versions are not vulnerable:
  • SecureSphere 6.2 Gateway (all 6.2 releases)
  • SecureSphere 7.x Gateway (all 7.x releases)
  • SecureSphere 8.x Gateway (all 8.x releases)


Under some configurations an attacker can invoke a XSS attack against the SecureSphere management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere. SecureSphere properly detects the cross-site scripting payload destined for the protected server and records an event. The system’s event database stores this event but improperly sanitizes the event when it is displayed in the GUI.

The attack would be invoked if the administrator actively viewed the alert details generated by the XSS vector.


Dell Secureworks (

Vendor Fix

A fix is currently available from Imperva support. Customers with questions or issues should contact Imperva support for more information and/or guidance.

MX Version Release & Patch Number
SecureSphere 6.2 Releases 6442-6463 Patch 30
SecureSphere 7.0 Releases 7061-7078 Patch 22
SecureSphere 7.5 Release 7564 Patch 10
SecureSphere 8.0 Release 8265 Patch 3
SecureSphere 8.5 Release 8.5 Patch 1

PATCH DOWNLOAD: The patch and release notes are available on the FTP Site.
(Imperva Username and Credentials Required)


SecureWorks Security Advisory: