Cisco Details Cross-Site-Scripting, Denial-of-Service Flaws
Matt Hines writes on eWeek:
Cisco Systems has addressed three sets of software vulnerabilities in its networking and security products that could leave its customers open to outside attacks including cross-site-scripting and denial-of-service attempts.More here.
The San Jose, Calif.-based firm said in a security bulletin posted to its Web site that a software vulnerability present in its Cisco Guard appliance, which is used to help prevent denial-of-service attacks on corporate Web sites, may allow an outsider to redirect users' browsers to a URL hosting cross-site scripting code.
Cisco reported that the flaw is exploitable when the appliance is providing its anti-spoofing services between a browser and a Web server, and that attackers could exploit the problem by sending malicious URLs to users via e-mail or instant messaging systems.
Cisco said that the threat could still be exploited on sites that have been designed to prevent cross-site-scripting, and that users must update their security devices to fix the issue.
posted by Fergie @ 9/22/2006 04:24:00 PM
0 Comments:
Post a Comment
<< Home