U-252: Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks

September 6, 2012 - 6:00am

PROBLEM:

Barracuda Web Filter Input Validation Flaws Permit Cross-Site Scripting Attacks

PLATFORM:

Barracuda Web Filter 5.0.015 is vulnerable; other versions may also be affected.

ABSTRACT:

Barracuda Web Filter Authentication Module Multiple HTML Injection Vulnerabilities

REFERENCE LINKS:

Barracuda Networks
Barracuda Networks Security ID: BNSEC-279/BNYF-5533
SecurityTracker Alert ID:  1027500
Bugtraq ID:  55394  
seclists.org
 

IMPACT ASSESSMENT:

Medium

Discussion:

Two scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Barracuda Web Filter interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The 'Existing Authentication Services' listing in 'NTLM Edit - Host & Domain Name' is affected.

The upload key tab in combination with a specially crafted short domain in 'Upload Key Tab File' is affected.
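The class of flaw described above, shown as an added example that is not Barracuda's code: a stored host or domain name is written into a listing without encoding, next to a version that validates on input and encodes on output. All function names and sample values are hypothetical, and the assumption that the fields only need DNS-style names is ours.

```python
import html
import re

# RFC 1123 style label: letters, digits, hyphens; no leading/trailing hyphen.
# Assumption: the host and domain fields only need DNS-style names.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value: str) -> bool:
    """Allow-list check for a host or domain name field (hypothetical helper)."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def render_row_unsafe(host: str, domain: str) -> str:
    """The flawed pattern: stored input is concatenated into markup as-is."""
    return "<tr><td>" + host + "</td><td>" + domain + "</td></tr>"


def render_row_safe(host: str, domain: str) -> str:
    """Encode on output, so stored markup is displayed as text, not parsed."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(host, quote=True), html.escape(domain, quote=True))


def store_service(host: str, domain: str) -> tuple:
    """Reject values that are not plain host names before they are saved."""
    for name, value in (("host", host), ("domain", domain)):
        if not is_valid_hostname(value):
            raise ValueError("invalid {} name".format(name))
    return (host, domain)


# Constructed sample input: a benign tag stands in for injected markup.
SAMPLE_HOST = "dc01.example.test"
SAMPLE_DOMAIN = "EXAMPLE<b>x</b>"

if __name__ == "__main__":
    print(render_row_unsafe(SAMPLE_HOST, SAMPLE_DOMAIN))  # tag reaches the page
    print(render_row_safe(SAMPLE_HOST, SAMPLE_DOMAIN))    # tag shown as text
    try:
        store_service(SAMPLE_HOST, SAMPLE_DOMAIN)
    except ValueError as exc:
        print("rejected:", exc)
```

Input validation and output encoding are applied together here because values stored before the validation was introduced would still be rendered by the listing.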

Impact:

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Barracuda Web Filter interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:

The vendor has issued a fix. Update to Barracuda Networks Web Filter firmware version 6.0.0 or later.

 
