CVE-2012-5316

Name of the Vulnerable Software and Affected Versions Barracuda Spam & Virus Firewall 600 Firmware versions 4.0.1.009 and earlier

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the Troubleshooting in the Trace route Device module or the LDAP Username in the LDAP Configuration module.

Recommendations For versions 4.0.1.009 and earlier, update to a version later than 4.0.1.009 to resolve the issue. As a temporary workaround, consider restricting access to the Troubleshooting and LDAP Configuration modules until a patch is available. Avoid using the LDAP Username field in the LDAP Configuration module with untrusted input until the issue is resolved.