| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B70B66DA655F144855183C68062EE89E63E61@trexchange.csnc.ch> Date: Thu, 14 Jun 2012 21:50:46 +0200 From: "Ivan Buetler" <ivan.buetler@...c.ch> To: <bugtraq@...urityfocus.com> Subject: AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats. nevisProxy is a component of AdNovum's security framework Nevis. The security product is prone to a XSS vulnerability in its redirection routine. Details: ----------- http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_ 302_Redirections_publicVersion.txt References: ----------- http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s ubsubpage=nevisproxy Credits: ----------- Alexandre Herzog <alexandre.herzog@...c.ch> (Compass Security Analyst, Switzerland) Switzerland, 14.6.2012 Compass Security AG is a Swiss leading ethical hacking and penetration testing company. (www.csnc.ch) Regards Ivan Buetler
Powered by blists - more mailing lists