Arbor Networks has reviewed this report. This issue was addressed and
fixed in Peakflow SP releases 5.1.1 patch 6 (released on November 30,
2011) and later, 5.5 patch 4 (released on December 27, 2011) and later,
and 5.6.0 patch 1 (released on September 14, 2011). This is not a current
issue, therefore.
Customers who remain concerned should restrict web console access to
trusted network locations via network access rules.
For future security issue reports, please use the address
security (at) arbor (dot) net [email concealed] to establish communications. Arbor Networks take these
reports very seriously and seeks to work with security researchers when
possible to remedy any such issue.
-------------------------------------------------------------
jose nazario, ph.d. <jose (at) arbor (dot) net [email concealed]>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
> # Exploit Title: Arbor Networks Peakflow SP XSS
> # Date: 03 April 2012
Arbor Networks has reviewed this report. This issue was addressed and
fixed in Peakflow SP releases 5.1.1 patch 6 (released on November 30,
2011) and later, 5.5 patch 4 (released on December 27, 2011) and later,
and 5.6.0 patch 1 (released on September 14, 2011). This is not a current
issue, therefore.
Customers who remain concerned should restrict web console access to
trusted network locations via network access rules.
For future security issue reports, please use the address
security (at) arbor (dot) net [email concealed] to establish communications. Arbor Networks take these
reports very seriously and seeks to work with security researchers when
possible to remedy any such issue.
-------------------------------------------------------------
jose nazario, ph.d. <jose (at) arbor (dot) net [email concealed]>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
[ reply ]