[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From:       Ansgar Wiechers <bugtraq () planetcobalt ! net>
Date:       2009-02-26 21:15:50
Message-ID: 20090226211550.GA29752 () mail ! planetcobalt ! net
[Download RAW message or body]

On 2009-02-26 Vladimir '3APA3A' Dubrovin wrote:
> --Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@securityfocus.com:
> DSRG> Application:       APC PowerChute Network Shutdown's Web Interface
> DSRG> Vendor URL:        http://www.apc.com/
> DSRG> Bug:               XSS/Response Splitting
> 
> DSRG> Solution:          Use Firewall
> 
> Just wonder: how can firewall to protect against XSS/response splitting?

You don't give the bad guys access to your UPS's web interface?

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
[prev in list] [next in list] [prev in thread] [next in thread]