AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scrip
Hi all,
nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.
The security product is prone to a XSS vulnerability in its redirection
routine.=20
Details:
-----------
http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_
302_Redirections_publicVersion.txt
References:
-----------
http://www.adnovum.ch/en/products/index.php?page=3Dsecprod&subpage=3Dnevi=
s&s
ubsubpage=3Dnevisproxy
Credits:
-----------
Alexandre Herzog <alexandre.herzog@csnc.ch> (Compass Security Analyst,
Switzerland)
Switzerland, 14.6.2012
Compass Security AG is a Swiss leading ethical hacking and penetration
testing company. (www.csnc.ch)
Regards
Ivan Buetler