BugTraq
Re: Another ZEUS Server web admin XSS! May 30 2003 03:06PM
security zeus com
In-Reply-To: <20030529174830.9975.qmail (at) www.securityfocus (dot) com [email concealed]>

Zeus Technology, 30th May 2003.

"Another ZEUS Server web admin XSS!" vendor response

On May 29th 2003, a cross-site-scripting attack against the Zeus Administration Server was reported on bugtraq (incident "Another ZEUS Server web admin XSS!").

Zeus Technology has investigated this report and confirms that a cross-site-scripting exploit is possible under very limited conditions. This vulnerability is present in Zeus Web Server version 4.2r2 and earlier.

Zeus have product patches which will be available shortly through Zeus's support channel (support (at) zeus (dot) com). These patches will be included in the next revision of Zeus Web Server (4.2r3) when it is released.

Zeus Technology continue to advise that the Administration Server is shut down when not in use as a matter of routine.

Zeus Technology work closely with customers, evaluators, security professionals and other researchers to ensure its products are secure and free from defects. Any security-related comments received at security (at) zeus (dot) com, or through any other means are treated with the utmost attention. Zeus Technology regret that the researcher published details of the exploit before contacting Zeus and allowing Zeus to prepare and distribute a fix.

--
security (at) zeus (dot) com
Zeus Technology Ltd
Security Response Team
Universally Serving the Net
Tel:+44(0)1223 525000 Fax:+44(0)1223 525100
http://www.zeus.com/
Zeus House, Cowley Road, Cambridge, CB4 0ZT, ENGLAND
