Sign-up

ID

VAR-201409-0042


CVE

CVE-2011-4887


TITLE

Imperva SecureSphere Web Application Firewall of MX Management Server Management GUI Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-005340

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. Imperva SecureSphere Web Application Firewall is prone to an HTML-injection vulnerability prone to an because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. SecureSphere Web Application Firewall 9.0 is vulnerable. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: SecureSphere Web Application Firewall Username Script Insertion Vulnerability SECUNIA ADVISORY ID: SA48086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48086 RELEASE DATE: 2012-02-17 DISCUSS ADVISORY: http://secunia.com/advisories/48086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Roger Wemyss has reported a vulnerability in SecureSphere Web Application Firewall, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed to a web server protected by SecureSphere is not properly sanitised before being displayed to the user. The vulnerability is reported in version 9.0. SOLUTION: Update to version 9.0 Patch 1. PROVIDED AND/OR DISCOVERED BY: Roger Wemyss, Dell SecureWorks ORIGINAL ADVISORY: SecureSphere: http://www.imperva.com/resources/adc/adc_advisories_response_secureworks_CVE-2011-4887.html Dell SecureWorks: http://www.secureworks.com/research/advisories/SWRX-2012-002/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information see vulnerability #6 in: SA47816 SOLUTION: Apply updated packages

Trust: 2.16

sources: NVD: CVE-2011-4887 // JVNDB: JVNDB-2011-005340 // BID: 52064 // VULHUB: VHN-52832 // PACKETSTORM: 109926 // PACKETSTORM: 110051

AFFECTED PRODUCTS

vendor:impervamodel:securesphere web application firewallscope:eqversion:9.0

Trust: 2.7

vendor:impervamodel:securesphere web application firewallscope:eqversion:8.5

Trust: 0.3

vendor:impervamodel:securesphere web application firewallscope:eqversion:8.0

Trust: 0.3

vendor:impervamodel:securesphere web application firewallscope:eqversion:7.5

Trust: 0.3

vendor:impervamodel:securesphere web application firewallscope:eqversion:7.0

Trust: 0.3

vendor:impervamodel:securesphere web application firewallscope:eqversion:6.2

Trust: 0.3

vendor:impervamodel:securesphere web application firewall patchscope:neversion:9.01

Trust: 0.3

sources: BID: 52064 // JVNDB: JVNDB-2011-005340 // CNNVD: CNNVD-201202-365 // NVD: CVE-2011-4887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4887
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4887
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-52832
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4887
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52832
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52832 // JVNDB: JVNDB-2011-005340 // CNNVD: CNNVD-201202-365 // NVD: CVE-2011-4887

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-52832 // JVNDB: JVNDB-2011-005340 // NVD: CVE-2011-4887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-365

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-365

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-005340

PATCH
title:Imperva Security Response for CVE-2011-4887url:http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-005340

EXTERNAL IDS
db:NVDid:CVE-2011-4887
Trust: 2.9
db:BIDid:52064
Trust: 2.0
db:SECUNIAid:48086
Trust: 1.9
db:OSVDBid:79338
Trust: 1.7
db:JVNDBid:JVNDB-2011-005340
Trust: 0.8
db:CNNVDid:CNNVD-201202-365
Trust: 0.7
db:SECUNIAid:48095
Trust: 0.7
db:NSFOCUSid:18796
Trust: 0.6
db:XFid:73264
Trust: 0.6
db:VULHUBid:VHN-52832
Trust: 0.1
db:PACKETSTORMid:109926
Trust: 0.1
db:PACKETSTORMid:110051
Trust: 0.1
sources:
            
            
            VULHUB: VHN-52832 // 
            
            
            
            BID: 52064 // 
            
            
            
            JVNDB: JVNDB-2011-005340 // 
            
            
            
            PACKETSTORM: 109926 // 
            
            
            
            PACKETSTORM: 110051 // 
            
            
            
            CNNVD: CNNVD-201202-365 // 
            
            
            
            NVD: CVE-2011-4887

REFERENCES
url:http://www.secureworks.com/cyber-threat-intelligence/advisories/swrx-2012-002/
Trust: 2.5
url:http://secunia.com/advisories/48086
Trust: 2.3
url:http://www.securityfocus.com/bid/52064
Trust: 1.7
url:http://www.imperva.com/services/adc_advisories_response_secureworks_cve_2011_4887
Trust: 1.7
url:http://osvdb.org/79338
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/73264
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4887
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4887
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/73264
Trust: 0.6
url:http://secunia.com/advisories/48095
Trust: 0.6
url:http://www.nsfocus.net/vulndb/18796
Trust: 0.6
url:http://www.secureworks.com/research/advisories/swrx-2012-002/
Trust: 0.4
url:http://www.imperva.com/resources/adc/adc_advisories_response_secureworks_cve-2011-4887.html
Trust: 0.4
url:http://www.imperva.com
Trust: 0.3
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.2
url:http://www.rsaconference.com/events/2012/usa/index.htm
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.2
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/advisories/48086/#comments
Trust: 0.1
url:http://secunia.com/advisories/48086/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48086
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48095
Trust: 0.1
url:http://secunia.com/advisories/48095/
Trust: 0.1
url:http://secunia.com/advisories/48095/#comments
Trust: 0.1
url:http://www.ubuntu.com/usn/usn-1370-1
Trust: 0.1
sources:
            
            
            VULHUB: VHN-52832 // 
            
            
            
            BID: 52064 // 
            
            
            
            JVNDB: JVNDB-2011-005340 // 
            
            
            
            PACKETSTORM: 109926 // 
            
            
            
            PACKETSTORM: 110051 // 
            
            
            
            CNNVD: CNNVD-201202-365 // 
            
            
            
            NVD: CVE-2011-4887

CREDITS
Roger Wemyss of Dell SecureWorks
Trust: 0.9
sources:
            
            
            BID: 52064 // 
            
            
            
            CNNVD: CNNVD-201202-365

SOURCES
db:VULHUBid:VHN-52832
db:BIDid:52064
db:JVNDBid:JVNDB-2011-005340
db:PACKETSTORMid:109926
db:PACKETSTORMid:110051
db:CNNVDid:CNNVD-201202-365
db:NVDid:CVE-2011-4887

LAST UPDATE DATE
2024-08-14T12:35:52.174000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-52832date:2017-08-29T00:00:00
db:BIDid:52064date:2012-02-17T00:00:00
db:JVNDBid:JVNDB-2011-005340date:2014-09-12T00:00:00
db:CNNVDid:CNNVD-201202-365date:2014-09-15T00:00:00
db:NVDid:CVE-2011-4887date:2017-08-29T01:30:37.710

SOURCES RELEASE DATE
db:VULHUBid:VHN-52832date:2014-09-11T00:00:00
db:BIDid:52064date:2012-02-17T00:00:00
db:JVNDBid:JVNDB-2011-005340date:2014-09-12T00:00:00
db:PACKETSTORMid:109926date:2012-02-18T07:59:05
db:PACKETSTORMid:110051date:2012-02-22T08:41:39
db:CNNVDid:CNNVD-201202-365date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4887date:2014-09-11T14:16:02.897