Vigil@nce: IronPort AsyncOS, Cross Site Scripting
June 2009 by Vigil@nce
An attacker can use a malicious Referer header in order to
trigger a Cross Site Scripting attack in the login page of Spam
Quarantine.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 05/06/2009
IMPACTED PRODUCTS
– IronPort Email
– IronPort Management
DESCRIPTION OF THE VULNERABILITY
The Spam Quarantine service of IronPort C, M and X appliances is
used by the administrator to manage quarantined messages.

The login page of Spam Quarantine displays information extracted
from the Referer HTTP header. However, this header value is not
filtered or encoded before being displayed, so an attacker who
controls it can inject HTML and script into the page (a reflected
Cross Site Scripting).

An attacker can thus execute JavaScript code in the context of the
administration web site of IronPort appliances.
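As an added illustration, not code from the advisory or from IronPort, the following Python model shows the pattern described above (a login page reflecting the Referer header verbatim) next to a hardened version that validates and HTML-escapes the value, plus a log-side heuristic a defender could run over proxy or web-server logs. The Referer values are constructed samples.

```python
import html
from urllib.parse import unquote, urlsplit

# Constructed sample Referer values (not taken from the advisory).
BENIGN_REFERER = "https://mail.example.com/quarantine/list"
HOSTILE_REFERER = 'https://evil.example/"><script>alert(1)</script>'


def render_login_unsafe(referer):
    """The flawed pattern: the header value is inserted into the HTML
    response as-is, so markup in it becomes part of the page."""
    return f"<p>You came from: {referer}</p>"


def render_login_safe(referer):
    """Hardened version: accept only http(s) URLs with a host, and
    HTML-escape the value (including quotes) for the text context."""
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        shown = "(unknown)"
    else:
        shown = referer
    return f"<p>You came from: {html.escape(shown, quote=True)}</p>"


def referer_looks_suspicious(referer):
    """Detection heuristic for proxy/WAF logs: raw or percent-encoded
    markup characters in a Referer are a red flag for this class of bug.
    Legitimate URLs almost never carry these characters."""
    decoded = unquote(referer)
    return any(c in decoded for c in "<>\"'")


if __name__ == "__main__":
    for ref in (BENIGN_REFERER, HOSTILE_REFERER):
        print("unsafe :", render_login_unsafe(ref))
        print("safe   :", render_login_safe(ref))
        print("flagged:", referer_looks_suspicious(ref))
```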
CHARACTERISTICS
Identifiers: 18365, BID-35203, CVE-2009-1162, VIGILANCE-VUL-8767
http://vigilance.fr/vulnerability/IronPort-AsyncOS-Cross-Site-Scripting-8767