Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: HP ProCurve Switch, Cross Site Scripting

November 2009 by Vigil@nce

An attacker, who is allowed to connect to the administration interface of a HP ProCurve Switch can generate a Cross Site Scripting.

- Severity: 2/4
- Consequences: user access/rights
- Provenance: document
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: unique source (2/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 12/11/2009

IMPACTED PRODUCTS

- HP ProCurve Switch

DESCRIPTION OF THE VULNERABILITY

Allowed administrators can connect to the web interface of a HP ProCurve Switch.

An attacker, who is allowed to change the configuration of the switch, can inject JavaScript code in several fields of the web interface:
- Security - SSL - Organization Name
- Security - SSL - Organization Unit
- Security - SSL - Certificate

When another administrator displays the configuration of the switch, the JavaScript code then runs in his web browser.

An attacker, who is allowed to connect to the administration interface of a HP ProCurve Switch can therefore generate a Cross Site Scripting.

CHARACTERISTICS

- Identifiers: BID-37001, VIGILANCE-VUL-9189
- Url: http://vigilance.fr/vulnerability/H...




See previous articles

    

See next articles