SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting



Similar documents
Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Where every interaction matters.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Q: What is CVSS? Q: Who developed CVSS?

WEB ATTACKS AND COUNTERMEASURES

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek

Hack Proof Your Webapps

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Web Application Security

Acunetix Website Audit. 5 November, Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build )

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Common Security Vulnerabilities in Online Payment Systems

Security Vulnerabilities and Patches Explained IT Security Bulletin for the Government of Canada

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Cross Site Scripting in Joomla Acajoom Component

Penetration Test Report

Attack Vector Detail Report Atlassian

Rational AppScan & Ounce Products

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper

The Top Web Application Attacks: Are you vulnerable?

MWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May Contents

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass

Attack and Penetration Testing 101

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

MANAGED SECURITY TESTING

What is Web Security? Motivation

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

OWASP AND APPLICATION SECURITY

Check list for web developers

Ethical Hacking Penetrating Web 2.0 Security

Barracuda Web Site Firewall Ensures PCI DSS Compliance

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

WEB 2.0 AND SECURITY

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO TABLE OF CONTENTS

Cross-Site Scripting

Overview of the Penetration Test Implementation and Service. Peter Kanters

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

SQL INJECTION IN MYSQL

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Magento Security and Vulnerabilities. Roman Stepanov

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS

Pentests more than just using the proper tools

Pentests more than just using the proper tools

Application Security Testing. Generic Test Strategy

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Web Application Security Assessment and Vulnerability Mitigation Tests

Web application security

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

A Tale of the Weaknesses of Current Client-Side XSS Filtering

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Essential IT Security Testing

Secure Web Development Teaching Modules 1. Threat Assessment

External Network & Web Application Assessment. For The XXX Group LLC October 2012

Using Free Tools To Test Web Application Security

BUILDING AN OFFENSIVE SECURITY PROGRAM BUILDING AN OFFENSIVE SECURITY PROGRAM

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6

Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015

Web Application Security Considerations

Secure Web Applications. The front line defense

WebCruiser Web Vulnerability Scanner User Guide

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

FortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Using Foundstone CookieDigger to Analyze Web Session Management

Technical Findings Sample Report

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Integrating Barracuda Web Application Firewall

Internet Banking System Web Application Penetration Test Report

University of Wisconsin Platteville SE411. Senior Seminar. Web System Attacks. Maxwell Friederichs. April 18, 2013

Objectives. Security. Fixing Our JSTL Problem. Web Application Architecture. Web Security. A few lines of code can wreak more havoc than a bomb.

OWASP Top Ten Tools and Tactics

Web Application Security

EVADING ALL WEB-APPLICATION FIREWALLS XSS FILTERS

A Tale of the Weaknesses of Current Client-side XSS Filtering

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

10 Things Every Web Application Firewall Should Provide Share this ebook

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

6. Exercise: Writing Security Advisories

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Columbia University Web Security Standards and Practices. Objective and Scope

Offensive Security. Advanced Web Attacks and Exploitation. Mati Aharoni Devon Kearns. v. 1.0

Transcription:

SECURITY ADVISORY December 2008 Barracuda Load Balancer admin login Cross-site Scripting Discovered in December 2008 by FortConsult s Security Research Team/Jan Skovgren

WARNING NOT FOR DISCLOSURE BEFORE PUBLIC RELEASE This document contains proprietary and confidential information. An informal and nonbinding understanding exists between Barracuda Networks and FortConsult that, for the safety of our customers and other users, the details of this advisory will not be made public until February 2009. Please DO NOT forward this document to ANYONE, in any way whatsoever. Table of Contents Table of Contents...2 Copyright and Disclaimer...2 The Security Research Team...2 Issue History...3 Issue Description...3 Issue Impact...3 Affected Components...3 Exploit...4 Mitigation...4 CVE-reference...4 CVSS Base Score...5 Copyright and Disclaimer The information in this advisory is Copyright 2009 FortConsult A/S. It is provided so that our customers and others understand the risk they may be facing by running affected software on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No guarantee is provided for the accuracy of this information, or damage you may cause your systems in testing. The Security Research Team This advisory has been discovered by FortConsult s Security Research Team/Jan Skovgren FortConsult is a specialist in technical services within the field of IT security. We are vulnerability experts that help business enterprises to protect themselves against the numerous security threats that exist today both as impartial consultants and with responsibility for specific tasks. Our primary services are security tests and practically-oriented security consultancy. For more information: www.fortconsult.net. February 2009, Page 2 of 5

Issue History This document has been updated to the present version as information has been received from various external sources. 9 th. December 2008: Issue discovered by Jan Skovgren 9 th. December 2008: Vendor was contacted 10 th. December 2008: Vendor reports back 15 th. December 2008: Vendor issues a fix Link 5 th. February 2009: Disclosure date Link THIS DOCUMENT IS TENTATIVELY SCHEDULED FOR PUBLIC RELEASE VIA THE FORTCONSULT WEBSITE AND SECURITY MAILING LISTS IN February 2009. Issue Description The administrative application used for login to the Barracuda Load balancer is vulnerable to crosssite scripting. Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. A common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver. Issue Impact This makes the site easier to "phish" and can be used to attack the site's clients when they connect to the site. It can make it possible for an attacker to steal information from the client machines that connect to the site. Affected Components Barracuda Load Balancer 640 Maybe other Barracuda products with web admin interface. February 2009, Page 3 of 5

Exploit It is the realm parameter that is vulnerable to cross-site scripting. Navigate your web browser to: http://vulnerablesite/cgi-mod/index.cgi?realm="><script>alert( XSS Possible!!! )</script> This will execute the injected javascript code <script>alert( XSS Possible!!! )</script> and produce an alertbox with the text XSS Possilbe!!! which proofs that the realm parameter is vulnerable to Cross-site scripting. See screen dump below. Tested on FireFox 3.0.4 and IE 7.0.5730.13 Mitigation As a temporary workaround whilst on standby for the vendor to release a fix or an updated version you may want to attempt own input validation at the Firewall Layer, if this is possible. You could also use some other custom-made input validation solution. CVE-reference None yet. February 2009, Page 4 of 5

CVSS Base Score FortConsult has used the online CVSS calculator found at http://nvd.nist.gov/cvss.cfm?calculator&version=2 to calculate these scores. BASE SCORE: 4.3 Metrics: Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None February 2009, Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information