Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability

To: Digital Security Research Group <research@xxxxxxx>
Subject: Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
Date: Thu, 26 Feb 2009 21:46:28 +0300
Cc: bugtraq@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, packet@xxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <310590197.20090226194050@xxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <310590197.20090226194050@xxxxxxx>
Reply-to: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>

Dear Digital Security Research Group,



--Thursday, February 26, 2009, 7:40:50 PM, you wrote to 
bugtraq@xxxxxxxxxxxxxxxxx:



DSRG> Application:                    APC PowerChute Network Shutdown's Web 
Interface
DSRG> Vendor URL:                     http://www.apc.com/
DSRG> Bug:                            XSS/Response Splitting

DSRG> Solution:                       Use Firewall

Just wonder: how can firewall to protect against XSS/response splitting?


-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/

Follow-Ups:
- Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
  - From: Alexandr Polyakov
- Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
  - From: Ansgar Wiechers

References:
- [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
  - From: Digital Security Research Group

Prev by Date: [ MDVSA-2009:026-1 ] phpMyAdmin
Next by Date: [ MDVSA-2009:056 ] net-snmp
Previous by thread: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
Next by thread: Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
Index(es):
- Date
- Thread