Summary
This host is running Arbor Networks Peakflow SP and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Arbor Networks Peakflow SP 5.1.1 patch 6, 5.5 patch 4, 5.6.0 patch 1 or later.
For updates refer to http://www.arbornetworks.com/peakflow-sp-traffic-anomaly-detection.html
Insight
Input appended to the URL after 'index/' in the login interface is not properly sanitised before being returned to the user.
Affected
Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0019.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0036.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0037.html
- http://osvdb.org/show/osvdb/81052
- http://secunia.com/advisories/48728
- http://xforce.iss.net/xforce/xfdb/74648
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-4685
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N