PT-2012-2092 · Barracuda · Barracuda Link Balancer 330

Published

2012-08-23

Updated

2012-08-24

CVE-2011-5114

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Barracuda Link Balancer 330 Firmware versions 1.3.2.005 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the zoneid or scope parameter.

Recommendations For Barracuda Link Balancer 330 Firmware versions 1.3.2.005 and earlier, consider restricting access to the Authoritative DNS - DNS Zones page until a fix is available. As a temporary workaround, avoid using the zoneid and scope parameters in the affected page to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2011-5114

Affected Products

Barracuda Link Balancer 330

PT-2012-2092 · Barracuda · Barracuda Link Balancer 330

CVE-2011-5114

Weakness Enumeration

Related Identifiers

Affected Products

References · 3