| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Sep 2008 07:26:38 +0200 From: Hugo van der Kooij <hvdkooij@...derkooij.org> To: jplopezy@...il.com Cc: bugtraq@...urityfocus.com Subject: Re: Blue Coat xss -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 jplopezy@...il.com wrote: > There is a security issue in the blue coat. > The problem lies in the "Web Filter", which lets you execute an XSS. > This only affects the Internet Explorer browser. " > > as a result, could jump the antivirus scan or make spoofing. > > POC > > http://www.example.com/file.exe?<script>(1)</script> I am afraid you need to clarify yourself a bit further. What policy are you using? What resource(s) besides a ProxySG are you using? (You mention Webfilter and antivirus.) What versions of SGOS did you test? In short. Write a report that is clear and not too ambigious to be taken seriously Hugo. - -- hvdkooij@...derkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD 6FKJxRIGrMITOJZcl+LyeUk= =GR9o -----END PGP SIGNATURE-----
Powered by blists - more mailing lists