[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re[2]: [DSECRG-09-009] APC PowerChute Network Shutdown's Web Interface - XSS vulnerability
From:       Alexandr Polyakov <alexandr.polyakov () dsec ! ru>
Date:       2009-02-27 9:59:13
Message-ID: 1896778957.20090227125913 () dsec ! ru
[Download RAW message or body]

Здравствуйте, Vladimir.

 ы писали 26 февраля 2009 г., 21:46:28:

> Dear Digital Security Research Group,



> --Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@securityfocus.com:



DSRG>> Application:                    APC PowerChute Network Shutdown's Web \
Interface DSRG>> Vendor URL:                     http://www.apc.com/
DSRG>> Bug:                            XSS/Response Splitting

DSRG>> Solution:                       Use Firewall

> Just wonder: how can firewall to protect against XSS/response splitting?


This Solution taken from vendors advice.






Polyakov Alexandr
Information Security Analyst
______________________
DIGITAL SECURITY
phone:  +7 812 703 1547
        +7 812 430 9130
e-mail: a.polyakov@dsec.ru  
www.dsec.ru


-----------------------------------
This message and any attachment are confidential and may be privileged or otherwise \
protected  from disclosure. If you are not the intended recipient any use, \
distribution, copying or disclosure  is strictly prohibited. If you have received \
this message in error, please notify the sender immediately  either by telephone or \
by e-mail and delete this message and any attachment from your system. Correspondence \
 via e-mail is for information purposes only. Digital Security neither makes nor \
accepts legally binding  statements by e-mail unless otherwise agreed. 
-----------------------------------      


[prev in list] [next in list] [prev in thread] [next in thread]