nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.
The security product is prone to a XSS vulnerability in its redirection
routine.
nevisProxy is a Swiss secure reverse proxy with integrated web
application firewall (WAF). It acts as a central upstream entry point
for web traffic to integrated online applications. nevisProxy controls
user access and protects sensitive data, applications, services, and
systems from internal and external threats. nevisProxy is a component of
AdNovum's security framework Nevis.
The security product is prone to a XSS vulnerability in its redirection
routine.
Details:
-----------
http://www.csnc.ch/misc/files/advisories/CSNC-2012-004_Nevis_XSS_within_
302_Redirections_publicVersion.txt
References:
-----------
http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s
ubsubpage=nevisproxy
Credits:
-----------
Alexandre Herzog <alexandre.herzog (at) csnc (dot) ch [email concealed]> (Compass Security Analyst,
Switzerland)
Switzerland, 14.6.2012
Compass Security AG is a Swiss leading ethical hacking and penetration
testing company. (www.csnc.ch)
Regards
Ivan Buetler
[ reply ]