Release date:
Updated on:
Affected Systems:
Imperva SecureSphere Web Application Firewall 9.0
Imperva SecureSphere Web Application Firewall 8.5
Imperva SecureSphere Web Application Firewall 8.0
Imperva SecureSphere Web Application Firewall 7.5
Imperva SecureSphere Web Application Firewall 7.0
Imperva SecureSphere Web Application Firewall 6.2
Unaffected system:
Imperva SecureSphere Web Application Firewall 9.0 patch 1
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 52064
CVE ID: CVE-2011-4887
SecureSphere Web Application Firewall is a network application firewall product.
SecureSphere Web Application Firewall has an HTML injection vulnerability in its implementation. Although the XSS payload is correctly detected, the event is not correctly filtered when it is displayed in the GUI. Attackers can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication credentials, and control the site's appearance.
<* Source: Roger Wemyss
Link: http://www.secureworks.com/research/advisories/SWRX-2012-002/
*>
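The failure described above (payload detected, but the logged event rendered without filtering in the GUI) is an output-encoding problem in the event viewer. The following is an added example, not code from the advisory or from Imperva; the event fields, function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical event-viewer rendering, not the vendor's code.
// Every field copied from a blocked request is attacker-controlled, even
// when the firewall classified the request correctly.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: logged request data concatenated into markup as-is.
function renderEventRowUnsafe(event) {
  return `<tr><td>${event.rule}</td>` +
         `<td title="${event.userAgent}">${event.paramValue}</td></tr>`;
}

// Hardened pattern: every request-derived field is encoded at output time.
function renderEventRowSafe(event) {
  return `<tr><td>${escapeHtml(event.rule)}</td>` +
         `<td title="${escapeHtml(event.userAgent)}">${escapeHtml(event.paramValue)}</td></tr>`;
}

// List the opening tags present in rendered markup, so a review or unit
// test can confirm that only the template's own elements are emitted.
function openingTags(html) {
  return Array.from(html.matchAll(/<\s*([a-zA-Z][\w-]*)/g), (m) => m[1].toLowerCase());
}

// Constructed sample event (values are not taken from the advisory).
const sampleEvent = {
  rule: 'Cross-site scripting',
  userAgent: 'x" onmouseover="alert(1)',   // breaks out of an attribute
  paramValue: '<script>alert(1)</script>', // breaks out of element content
};

console.log('unsafe tags:', openingTags(renderEventRowUnsafe(sampleEvent)));
console.log('safe tags:  ', openingTags(renderEventRowSafe(sampleEvent)));
console.log(renderEventRowSafe(sampleEvent));
```

A regression test for a log or alert viewer can feed events like this through the renderer and assert that the set of emitted elements and attributes matches the template exactly.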
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Imperva
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.imperva.com/products/wsc_web-application-firewall.html