AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

2012-06-17T00:00:00
ID SECURITYVULNS:DOC:28161
Type securityvulns
Reporter Securityvulns
Modified 2012-06-17T00:00:00

Description

Hi all,

nevisProxy is a Swiss secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats. nevisProxy is a component of AdNovum's security framework Nevis.

The security product is prone to a XSS vulnerability in its redirection routine.

Details:

http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_ 302_Redirections_publicVersion.txt

References:

http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s ubsubpage=nevisproxy

Credits:

Alexandre Herzog <alexandre.herzog@csnc.ch> (Compass Security Analyst, Switzerland)

Switzerland, 14.6.2012 Compass Security AG is a Swiss leading ethical hacking and penetration testing company. (www.csnc.ch)

Regards Ivan Buetler