mimesweeperXSS.txt

2006-07-12T00:00:00
ID PACKETSTORM:48158
Type packetstorm
Reporter Erez Metula
Modified 2006-07-12T00:00:00

Description

                                        
MIMESweeper For Web 5.X Cross Site Scripting  
  
I. INTRODUCTION  
  
MIMESweeper For Web is a policy-based content security product for web
traffic. It analyzes web content and blocks pages or files that are
prohibited by the organizational security policy.
  
For more information, please refer to:
  
http://www.clearswift.com/products/msw/msw_web/default.aspx  
  
II. DESCRIPTION  
  
An XSS vulnerability was discovered by Erez Metula. When a user accesses a
URL that is not permitted by policy, the user is redirected to an "access
denied" page that is vulnerable to XSS. The page neither validates nor
HTML-encodes its input and displays the data "as is".
  
In practice this lets an attacker inject HTML or JavaScript code into
users' browsers, thereby bypassing the browser's DOM access restrictions.

This JavaScript code can perform actions on behalf of the user, steal
authentication cookies, change the appearance of web pages, perform
phishing, and generally do anything the original page can do.
  
III. EXPLOITATION  
  
The vulnerability can be exploited by simply redirecting the client to a
URL that is restricted by MIMESweeper policy, with the script appended to
the end of the URL.
  
Example PoC:  
  
http://SomeBlackListedSite/<script>PAYLOAD</script>
  
IV. IMPACT  
  
An attacker can use MIMESweeper's position as a central gateway to spread
malicious scripts to users.

An example attack scenario: an attacker redirects many users (by e-mail, a
post on the organization's portal, etc.) to a blocked URL carrying an
accompanying script that steals their authentication cookies.
  
V. DETECTION  
  
To detect this vulnerability, append some HTML tags or script to a blocked
URL and check whether the page MIMESweeper responds with reflects them
unencoded.
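The following Python is an added example, not code from this advisory or from Clearswift's product. It models the behaviour section II describes (an "access denied" page that pastes the requested URL into its HTML as-is) beside the HTML-encoded form that fixes it, and implements the check section V describes: append harmless markup to a blocked URL and test whether the returned page reflects it with its angle brackets intact. The page template, the hostname and the probe string are constructed for the example.

```python
"""Added example: vulnerable vs. hardened "access denied" page, plus the
reflection check from section V. Nothing here is the product's own code."""
import html

# Constructed probe: inert markup used only to see whether the page reflects
# it verbatim. A tag name like this has no effect in a browser.
PROBE = "<xsstest>probe</xsstest>"

# Constructed hostname standing in for a site blocked by policy.
BLOCKED_HOST = "blocked.example"


def denied_page_unencoded(requested_url: str) -> str:
    """Vulnerable form: the requested URL is placed into the HTML unchanged,
    so any markup in the URL becomes markup in the page."""
    return (
        "<html><body><h1>Access denied</h1>"
        f"<p>The URL {requested_url} is blocked by policy.</p>"
        "</body></html>"
    )


def denied_page_encoded(requested_url: str) -> str:
    """Hardened form: HTML-special characters in the URL are escaped before
    insertion. quote=True also escapes quotes, so the same helper is safe
    when the value lands inside an attribute."""
    return (
        "<html><body><h1>Access denied</h1>"
        f"<p>The URL {html.escape(requested_url, quote=True)} is blocked by policy.</p>"
        "</body></html>"
    )


def reflects_unencoded(response_body: str, probe: str = PROBE) -> bool:
    """Detection check: True only if the probe comes back with '<' and '>'
    intact. An encoded echo (&lt;xsstest&gt;...) is the correct behaviour,
    not a finding."""
    return probe in response_body


def check_gateway(render) -> dict:
    """Request a probe-bearing URL on a blocked host (the shape of the
    advisory's PoC) and classify how the rendered denial page echoes it."""
    url = f"http://{BLOCKED_HOST}/{PROBE}"
    body = render(url)
    return {
        "reflected_raw": reflects_unencoded(body),
        "reflected_encoded": html.escape(PROBE, quote=True) in body,
    }


if __name__ == "__main__":
    for name, fn in (("unencoded", denied_page_unencoded),
                     ("encoded", denied_page_encoded)):
        print(name, check_gateway(fn))
```

Run against a live gateway, `render` would be replaced by a function that fetches the blocked URL through the proxy and returns the response body; the classification logic stays the same. Treat a `reflected_raw` result as the finding this advisory describes and `reflected_encoded` as the fixed behaviour.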
  
VI. WORKAROUND  
  
Clearswift released a patch for this vulnerability following the initial
contact and notification.
  
The patch can be obtained from:  
  
http://www.clearswift.com/support/msw/patch_MswWeb.aspx  
  
under the name "MIMEsweeper for Web 5.1.15 Hotfix".
  
VII. VENDOR RESPONSE  
  
Clearswift was informed on 27/6/06 by e-mail to their support address.
  
Clearswift released a fixed version of the software.  
  
VIII. DISCLOSURE TIMELINE  
  
27/06/06 Identification of the flaw
27/06/06 Flaw reported to Clearswift by e-mail
27/06/06 Response from Clearswift, asking for a fuller description
27/06/06 Full description provided to Clearswift
28/06/06 Clearswift acknowledges the vulnerability
06/07/06 Patch released by Clearswift
09/07/06 Public advisory
  
IX. CREDITS  
  
The vulnerability was discovered by Erez Metula.  
  
Erez Metula, CISSP
Application Security Department Manager
Security Software Engineer
E-Mail: erezmetula@2bsecure.co.il