Summary
This host is running Arbor Networks Peakflow SP and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Arbor Networks Peakflow SP 5.1.1 patch 6, 5.5 patch 4, 5.6.0 patch 1 or later.
For updates refer to http://www.arbornetworks.com/peakflow-sp-traffic-anomaly-detection.html
Insight
Input appended to the URL after 'index/' in the login interface is not properly sanitised before being returned to the user.
Affected
Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0019.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0036.html
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0037.html
- http://osvdb.org/show/osvdb/81052
- http://secunia.com/advisories/48728
- http://xforce.iss.net/xforce/xfdb/74648
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-4685
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N