PT-2008-3030 · Imperva · Imperva Securesphere Mx Management Server

Published

2008-03-24

Updated

2017-08-08

CVE-2008-1463

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Imperva SecureSphere MX Management Server version 5.0

Description A cross-site scripting (XSS) issue exists in the management GUI, allowing remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere. This triggers injection into the corrective action section of an alert page.

Recommendations For Imperva SecureSphere MX Management Server version 5.0, consider disabling access to the management GUI until a fix is available to prevent potential exploitation of the XSS issue. Restrict access to the web server protected by SecureSphere to minimize the risk of arbitrary web script or HTML injection.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-1463

Affected Products

Imperva Securesphere Mx Management Server

PT-2008-3030 · Imperva · Imperva Securesphere Mx Management Server

CVE-2008-1463

Weakness Enumeration

Related Identifiers

Affected Products

References · 7