Wednesday, 01 August 2012


Dr. Web Control Center 6.00.3.201111300 Cross Site Scripting

  • AcehCyber
Dr. Web Control Center Admin UI Remote Script Code Injection
=============================================================

Affected Products/Versions
--------------------------
Product Name: Dr. Web Enterprise Server
Version Number: 6.00.3.201111300

Product/Company Information
---------------------------
From Dr. Web's website: "Dr.Web Enterprise Security Suite is a set of Dr.Web software products incorporating anti-viruses for protection of all hosts in a corporate network and a single Control Center for managing most of the products."

Dr. Web's website can be found at http://www.drweb.com

Vulnerability Description
-------------------------
Dr. Web Enterprise Security Suite is managed via a web-based interface called Control Center.
If an attacker supplies JavaScript code instead of a username on the login page, this script code will be automatically executed every time an administrative user views the audit log.
This attack can be used to steal authentication cookies or to drive further attacks.

Patch Information
-----------------
Patch is available from vendor.

Advisory Information
---------------------
This: http://www.oliverkarow.de/research/drweb.txt

History
-------
13/07/2012 - Informing Dr. Web about vulnerability
16/07/2012 - Initial response from Dr. Web
23/07/2012 - Fix successfully tested, sent response to Dr. Web
30/07/2012 - Advisory release
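
The audit-log behaviour described under Vulnerability Description, as an added example (not code from the advisory or from Dr. Web): a log row built by plain concatenation next to one that encodes every stored field at output time. The entry fields, function names and sample log entries are hypothetical and constructed for illustration.

```javascript
// Added example: audit-log rendering with and without output encoding.
// escapeHtml, renderRowUnsafe, renderRowSafe, suspiciousUsers and the entry
// fields are hypothetical names; this is not Dr. Web's code.

// Constructed audit entries: the second "username" is markup typed into the login form.
const auditEntries = [
  { time: "2012-07-13 10:02:11", user: "admin", event: "login ok" },
  { time: "2012-07-13 10:05:40", user: "<script>document.title='x'</script>", event: "login failed" },
];

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored username is concatenated into the page as-is,
// so the browser of whoever views the log parses it as markup.
function renderRowUnsafe(e) {
  return "<tr><td>" + e.time + "</td><td>" + e.user + "</td><td>" + e.event + "</td></tr>";
}

// Hardened pattern: every stored field is encoded when the row is written out.
function renderRowSafe(e) {
  const cells = [e.time, e.user, e.event].map((f) => "<td>" + escapeHtml(f) + "</td>");
  return "<tr>" + cells.join("") + "</tr>";
}

// Review aid: list stored usernames that contain markup characters.
function suspiciousUsers(entries) {
  return entries.filter((e) => /[<>"'&]/.test(e.user)).map((e) => e.user);
}

for (const e of auditEntries) {
  console.log("unsafe:", renderRowUnsafe(e));
  console.log("safe:  ", renderRowSafe(e));
}
console.log("flagged:", suspiciousUsers(auditEntries));
```

Encoding at output time protects the log viewer even for entries stored before the fix; marking the session cookie HttpOnly additionally keeps page script from reading it.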
