Release date: 2012-03-01
Updated on:
Affected Systems:
Endian UTM Firewall Appliance Application v2.5.x
Endian UTM Firewall Appliance Application v2.4.x
Description:
--------------------------------------------------------------------------------
Endian Firewall is an open-source GNU/Linux distribution for routing, firewalling and unified threat management (UTM).
Endian Firewall v2.4.x and v2.5.0 contain multiple input validation vulnerabilities and cross-site request forgery (CSRF) vulnerabilities. Remote attackers can exploit these vulnerabilities to manipulate specific application requests and to force the client module to request application functions.
<* Source: Benjamin Kunz Mejri
Link: http://marc.info/?l=full-disclosure&m=133062908221379&w=2
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Endian
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.endian.com