lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 26 Feb 2009 21:46:28 +0300
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@...URITY.NNOV.RU>
To: Digital Security Research Group <research@...c.ru>
Cc: bugtraq@...urityfocus.com, vuln@...unia.com,
	packet@...ketstormsecurity.org
Subject: Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability

Dear Digital Security Research Group,



--Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@...urityfocus.com:



DSRG> Application:                    APC PowerChute Network Shutdown's Web Interface
DSRG> Vendor URL:                     http://www.apc.com/
DSRG> Bug:                            XSS/Response Splitting

DSRG> Solution:                       Use Firewall

Just wonder: how can firewall to protect against XSS/response splitting?


-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ