Imperva Security Response for CVE-2011-4887

Imperva SecureSphere Persistent Cross-Site Scripting Vulnerability

Revision History
Date: 2/15/2012
Comments: Initial Version

Status Summary

A cross-site scripting vulnerability as described in CVE-2011-4887 exists in the SecureSphere WAF 9.0 management GUI.

Affected product(s)/version(s):
  • SecureSphere Web Application Firewall 9.0 MX Management Server

Not affected product(s)/version(s):
The following versions or products are not vulnerable:
  • SecureSphere 7.0, 7.5, 8.0, 8.5
  • SecureSphere 9.0 Web Application Firewall Gateway

Description

Under some configurations an attacker can mount an XSS attack against the SecureSphere WAF management GUI by sending a request containing a maliciously crafted XSS vector to a web server protected by SecureSphere. SecureSphere correctly detects the cross-site scripting payload destined for the protected server and records an event. The system's event database stores this event, but the GUI fails to sanitize the stored event properly when it is displayed.

The attack is triggered only if an administrator actively views the alert details generated by the XSS vector.
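The failure mode described above (a blocked payload stored correctly but rendered unescaped in the alert viewer), as an added example that is not Imperva's code: a minimal Python alert-row renderer in its vulnerable and hardened forms, plus a check a product team could keep as a regression test. The WafEvent fields and the sample alert are constructed for illustration.

```python
import html
from dataclasses import dataclass


@dataclass
class WafEvent:
    """One stored alert; every field originates from a blocked client request."""
    source_ip: str
    url: str
    parameter: str
    value: str  # the blocked payload, untrusted by definition


# Constructed sample alert (not from the advisory): the blocked payload is stored
# verbatim, exactly as the gateway saw it in the attacker's request.
SAMPLE_EVENT = WafEvent(
    source_ip="203.0.113.7",
    url="/search",
    parameter="q",
    value='<script>alert("xss")</script>',
)


def render_vulnerable(ev: WafEvent) -> str:
    # Interpolates stored fields straight into markup. The payload the gateway
    # blocked is re-delivered, unaltered, to the administrator's browser.
    return (f"<tr><td>{ev.source_ip}</td><td>{ev.url}</td>"
            f"<td>{ev.parameter}={ev.value}</td></tr>")


def render_hardened(ev: WafEvent) -> str:
    # Every field is HTML-entity encoded at output time, so the payload is shown
    # as literal text for analysis but never parsed as markup or script.
    def enc(s: str) -> str:
        return html.escape(s, quote=True)

    return (f"<tr><td>{enc(ev.source_ip)}</td><td>{enc(ev.url)}</td>"
            f"<td>{enc(ev.parameter)}={enc(ev.value)}</td></tr>")


def leaks_raw_payload(rendered: str, ev: WafEvent) -> bool:
    # Regression check for an alert viewer: the untrusted value must never
    # appear verbatim in the rendered page, and no tag may be formed from it.
    return ev.value in rendered or "<script" in rendered.lower()
```

The same output-encoding rule applies to any attribute, JavaScript or URL context the console writes the stored value into; html.escape covers only the HTML text and quoted-attribute cases shown here.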


Acknowledgement

Dell SecureWorks (www.secureworks.com)


Vendor Fix

A fix is currently available from Imperva support. Customers with questions or issues should contact Imperva support for more information and/or guidance.


MX Version         Release & Patch Number
SecureSphere 9.0   Release 9.0 Patch 1


PATCH DOWNLOAD
32 Bit
The patch and release notes are available on the FTP Site.
(Imperva Username and Credentials Required)

64 Bit
The patch and release notes are available on the FTP Site.
(Imperva Username and Credentials Required)


References

SecureWorks Security Advisory: http://www.secureworks.com/research/advisories/SWRX-2012-002/