AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

Type securityvulns
Reporter Securityvulns
Modified 2012-06-17T00:00:00


Hi all,

nevisProxy is a Swiss secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats. nevisProxy is a component of AdNovum's security framework Nevis.

The security product is prone to an XSS vulnerability in its redirection routine.

Details: 302_Redirections_publicVersion.txt

References: ubsubpage=nevisproxy


Alexandre Herzog (Compass Security Analyst, Switzerland)

Switzerland, 14.6.2012

Compass Security AG is a leading Swiss ethical hacking and penetration testing company.

Regards,
Ivan Buetler